Hi, Solution: add the fallowing lines in l3_agent.ini [fwaas] agent_version = v2 driver = neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver enabled = true Found an error message that helps with diagnosis: 2023-03-24 10:19:31.472 34 ERROR oslo_messaging.rpc.server [None req-c917b0a9-40b9-475d-b0ed-a82c35c81739 e7cefef0e39d4fc09f323cb91478060e ae3c4f4dd2dc439fa04e653d6741123a - - - -] Exception during message handling: AttributeError: 'L3WithFWaaS' object has no attribute 'fwaas_driver' 2023-03-24 10:19:31.472 34 ERROR oslo_messaging.rpc.server File "/var/lib/openstack/lib/python3.8/site-packages/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py", line 445, in update_firewall_group 2023-03-24 10:19:31.472 34 ERROR oslo_messaging.rpc.server self.fwaas_driver.delete_firewall_group(self.conf.agent_mode, 2023-03-24 10:19:31.472 34 ERROR oslo_messaging.rpc.server AttributeError: 'L3WithFWaaS' object has no attribute 'fwaas_driver' cat /var/lib/openstack/lib/python3.8/site-packages/neutron_fwaas/services/firewall/service_drivers/agents/l3reference/firewall_l3_agent_v2.py ... 403 @log_helpers.log_method_call 404 def update_firewall_group(self, context, firewall_group, host): 405 """Handles RPC from plugin to update a firewall group. 406 """ 407 408 # Initialize firewall group status. 409 status = "" 410 411 # Get the list of in-namespace ports from which to delete the firewall 412 # group. 413 del_fwg_ports = self._get_firewall_group_ports( 414 context, firewall_group, to_delete=True, require_new_plugin=True) 415 add_fwg_ports = self._get_firewall_group_ports(context, firewall_group) 416 417 port_ids = (firewall_group.get('del-port-ids') + 418 firewall_group.get('add-port-ids')) 419 420 if port_ids and not (del_fwg_ports or add_fwg_ports): 421 LOG.debug("All ports are not router port." 422 "No need to update firewall driver.") 423 return 424 425 # Remove firewall group from ports if requested. 426 if del_fwg_ports: 427 fw_ports = [p for ri_port in del_fwg_ports for p in ri_port[1]] 428 LOG.debug("Update (delete) firewall group %(fwg_id)s on ports: " 429 "%(ports)s", 430 {'fwg_id': firewall_group['id'], 431 'ports': ', '.join(fw_ports)}) 432 433 # Set firewall group's status; will be overwritten if call to 434 # driver fails. 435 436 if firewall_group['admin_state_up']: 437 status = nl_constants.ACTIVE 438 if firewall_group['last-port']: 439 status = nl_constants.INACTIVE 440 else: 441 status = nl_constants.DOWN 442 443 # Call the driver. 444 try: 445 self.fwaas_driver.delete_firewall_group(self.conf.agent_mode, 446 del_fwg_ports, 447 firewall_group) 448 except fw_ext.FirewallInternalDriverError: 449 msg = ("FWaaS driver error in update_firewall_group " 450 "(add) for firewall group: %s") 451 LOG.exception(msg, firewall_group['id']) 452 status = nl_constants.ERROR