diff --git a/heat/engine/resources/neutron/router.py b/heat/engine/resources/neutron/router.py
index fb8b1f3910..199ec88159 100644
--- a/heat/engine/resources/neutron/router.py
+++ b/heat/engine/resources/neutron/router.py
@@ -60,8 +60,9 @@ class Router(neutron.NeutronResource):
                 ),
                 EXTERNAL_GATEWAY_ENABLE_SNAT: properties.Schema(
                     properties.Schema.BOOLEAN,
-                    _('Enables Source NAT on the router gateway.'),
-                    default=True,
+                    _('Enables Source NAT on the router gateway. NOTE: The '
+                      'default policy setting in Neutron restricts usage of '
+                      'this property to administrative users only.'),
                     update_allowed=True
                 ),
             },
@@ -118,6 +119,8 @@ class Router(neutron.NeutronResource):
                 self.neutron(),
                 'network',
                 gateway.pop(self.EXTERNAL_GATEWAY_NETWORK))
+            if gateway[self.EXTERNAL_GATEWAY_ENABLE_SNAT] is None:
+                del gateway[self.EXTERNAL_GATEWAY_ENABLE_SNAT]
         return props
 
     def handle_create(self):
diff --git a/heat/tests/test_neutron.py b/heat/tests/test_neutron.py
index 8cc530523d..b7b9ce8de3 100644
--- a/heat/tests/test_neutron.py
+++ b/heat/tests/test_neutron.py
@@ -1426,6 +1426,68 @@ class NeutronRouterTest(HeatTestCase):
         self.assertTrue(gateway_info.get('enable_snat'))
         self.m.VerifyAll()
 
+    def test_create_router_gateway_enable_snat(self):
+        clients.OpenStackClients.keystone().AndReturn(
+            fakes.FakeKeystoneClient())
+
+        router.neutronV20.find_resourceid_by_name_or_id(
+            mox.IsA(neutronclient.Client),
+            'network',
+            'public'
+        ).AndReturn('fc68ea2c-b60b-4b4f-bd82-94ec81110766')
+
+        neutronclient.Client.create_router({
+            "router": {
+                "name": "Test Router",
+                "external_gateway_info": {
+                    'network_id': 'fc68ea2c-b60b-4b4f-bd82-94ec81110766',
+                },
+                "admin_state_up": True,
+            }
+        }).AndReturn({
+            "router": {
+                "status": "BUILD",
+                "external_gateway_info": None,
+                "name": "Test Router",
+                "admin_state_up": True,
+                "tenant_id": "3e21026f2dc94372b105808c0e721661",
+                "id": "3e46229d-8fce-4733-819a-b5fe630550f8"
+            }
+        })
+
+        neutronclient.Client.show_router(
+            '3e46229d-8fce-4733-819a-b5fe630550f8').MultipleTimes().AndReturn({
+                "router": {
+                    "status": "ACTIVE",
+                    "external_gateway_info": {
+                        "network_id":
+                        "fc68ea2c-b60b-4b4f-bd82-94ec81110766",
+                        "enable_snat": True
+                    },
+                    "name": "Test Router",
+                    "admin_state_up": True,
+                    "tenant_id": "3e21026f2dc94372b105808c0e721661",
+                    "routes": [],
+                    "id": "3e46229d-8fce-4733-819a-b5fe630550f8"
+                }
+            })
+
+        self.m.ReplayAll()
+        t = template_format.parse(neutron_external_gateway_template)
+        t["Resources"]["router"]["Properties"]["external_gateway_info"].pop(
+            "enable_snat")
+        stack = utils.parse_stack(t)
+        rsrc = self.create_router(t, stack, 'router')
+
+        rsrc.validate()
+
+        ref_id = rsrc.FnGetRefId()
+        self.assertEqual('3e46229d-8fce-4733-819a-b5fe630550f8', ref_id)
+        gateway_info = rsrc.FnGetAtt('external_gateway_info')
+        self.assertEqual('fc68ea2c-b60b-4b4f-bd82-94ec81110766',
+                         gateway_info.get('network_id'))
+        self.m.VerifyAll()
+
     def test_update_router_gateway_as_property(self):
         self._create_router_with_gateway()