diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index da63475f7..fcdc9491c 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -81,6 +81,8 @@ IRONIC_INSPECTOR_NODE_NOT_FOUND_HOOK=${IRONIC_INSPECTOR_NODE_NOT_FOUND_HOOK:-""}
 IRONIC_INSPECTOR_OVS_PORT=${IRONIC_INSPECTOR_OVS_PORT:-brbm-inspector}
 IRONIC_INSPECTOR_EXTRA_KERNEL_CMDLINE=${IRONIC_INSPECTOR_EXTRA_KERNEL_CMDLINE:-""}
 IRONIC_INSPECTOR_POWER_OFF=${IRONIC_INSPECTOR_POWER_OFF:-True}
+IRONIC_INSPECTOR_MANAGED_BOOT=$(trueorfalse False IRONIC_INSPECTOR_MANAGED_BOOT)
+IRONIC_INSPECTION_NET_NAME=${IRONIC_INSPECTION_NET_NAME:-$IRONIC_CLEAN_NET_NAME}
 if is_service_enabled swift; then
     DEFAULT_DATA_STORE=swift
 else
@@ -154,7 +156,8 @@ function start_inspector {
 
 function is_inspector_dhcp_required {
     [[ "$IRONIC_INSPECTOR_MANAGE_FIREWALL" == "True" ]] || \
-    [[ "${IRONIC_INSPECTOR_DHCP_FILTER:-iptables}" != "noop" ]]
+        [[ "${IRONIC_INSPECTOR_DHCP_FILTER:-iptables}" != "noop" ]] && \
+        [[ "$IRONIC_INSPECTOR_MANAGED_BOOT" == "False" ]]
 }
 
 function start_inspector_dhcp {
@@ -335,6 +338,15 @@ function configure_inspector {
 
     iniset "$IRONIC_CONF_FILE" inspector enabled True
     iniset "$IRONIC_CONF_FILE" inspector service_url $IRONIC_INSPECTOR_URI
+    if [[ "$IRONIC_INSPECTOR_MANAGED_BOOT" == "True" ]]; then
+        iniset "$IRONIC_CONF_FILE" neutron inspection_network $IRONIC_INSPECTION_NET_NAME
+        iniset "$IRONIC_CONF_FILE" inspector require_managed_boot True
+        iniset "$IRONIC_CONF_FILE" inspector extra_kernel_params \
+            "ipa-inspection-collectors=\"$IRONIC_INSPECTOR_COLLECTORS\""
+        # In this mode we do not have our own PXE environment, so do not accept
+        # requests without manage_boot=False.
+        inspector_iniset DEFAULT can_manage_boot False
+    fi
 
     setup_logging $IRONIC_INSPECTOR_CONF_FILE DEFAULT
 
@@ -415,29 +427,33 @@ EOF
 }
 
 function prepare_environment {
-    prepare_tftp
     create_ironic_inspector_cache_dir
 
-    if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then
-        sudo ip link add $IRONIC_INSPECTOR_OVS_PORT type veth peer name $IRONIC_INSPECTOR_INTERFACE
-        sudo ip link set dev $IRONIC_INSPECTOR_OVS_PORT up
-        sudo ip link set dev $IRONIC_INSPECTOR_OVS_PORT mtu $PUBLIC_BRIDGE_MTU
-        sudo ovs-vsctl add-port $IRONIC_VM_NETWORK_BRIDGE $IRONIC_INSPECTOR_OVS_PORT
+    if [[ "$IRONIC_INSPECTOR_MANAGED_BOOT" == "False" ]]; then
+        prepare_tftp
+
+        if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then
+            sudo ip link add $IRONIC_INSPECTOR_OVS_PORT type veth peer name $IRONIC_INSPECTOR_INTERFACE
+            sudo ip link set dev $IRONIC_INSPECTOR_OVS_PORT up
+            sudo ip link set dev $IRONIC_INSPECTOR_OVS_PORT mtu $PUBLIC_BRIDGE_MTU
+            sudo ovs-vsctl add-port $IRONIC_VM_NETWORK_BRIDGE $IRONIC_INSPECTOR_OVS_PORT
+        fi
+        sudo ip link set dev $IRONIC_INSPECTOR_INTERFACE up
+        sudo ip link set dev $IRONIC_INSPECTOR_INTERFACE mtu $PUBLIC_BRIDGE_MTU
+        sudo ip addr add $IRONIC_INSPECTOR_INTERNAL_IP_WITH_NET dev $IRONIC_INSPECTOR_INTERFACE
+
+        sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p udp \
+            --dport 69 -j ACCEPT
+        sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp \
+            --dport $IRONIC_INSPECTOR_PORT -j ACCEPT
+
+        if [[ "$IRONIC_INSPECTOR_STANDALONE" == "False" ]]; then
+            sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp --dport 80 -j ACCEPT
+            sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp --dport 443 -j ACCEPT
+        fi
+    else
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_INSPECTOR_PORT -j ACCEPT
     fi
-    sudo ip link set dev $IRONIC_INSPECTOR_INTERFACE up
-    sudo ip link set dev $IRONIC_INSPECTOR_INTERFACE mtu $PUBLIC_BRIDGE_MTU
-    sudo ip addr add $IRONIC_INSPECTOR_INTERNAL_IP_WITH_NET dev $IRONIC_INSPECTOR_INTERFACE
-
-    sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p udp \
-        --dport 69 -j ACCEPT
-    sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp \
-        --dport $IRONIC_INSPECTOR_PORT -j ACCEPT
-
-    if [[ "$IRONIC_INSPECTOR_STANDALONE" == "False" ]]; then
-        sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp --dport 80 -j ACCEPT
-        sudo iptables -I INPUT -i $IRONIC_INSPECTOR_INTERFACE -p tcp --dport 443 -j ACCEPT
-    fi
-
 }
 
 # create_ironic_inspector_cache_dir() - Part of the prepare_environment() process
diff --git a/zuul.d/ironic-inspector-jobs.yaml b/zuul.d/ironic-inspector-jobs.yaml
index d88bfb9dc..bcf2815c8 100644
--- a/zuul.d/ironic-inspector-jobs.yaml
+++ b/zuul.d/ironic-inspector-jobs.yaml
@@ -73,6 +73,15 @@
         IRONIC_INSPECTOR_DHCP_FILTER: dnsmasq
         IRONIC_INSPECTOR_INTROSPECTION_DATA_STORE: database
 
+- job:
+    name: ironic-inspector-tempest-managed
+    description: A job with boot managed by ironic
+    parent: ironic-inspector-base
+    vars:
+      devstack_localrc:
+        IRONIC_INSPECTOR_MANAGED_BOOT: True
+        IRONIC_INSPECTOR_NODE_NOT_FOUND_HOOK: ''
+
 - job:
     # Security testing for known issues
     name: ironic-inspector-tox-bandit
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index eaa3d41fc..55b7fe561 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -12,6 +12,7 @@
         - ironic-inspector-grenade-dsvm
         - ironic-inspector-tempest
         - ironic-inspector-tempest-discovery
+        - ironic-inspector-tempest-managed
         - ironic-inspector-non-standalone-tempest
         - openstack-tox-functional
         - openstack-tox-functional-py36
@@ -25,6 +26,7 @@
         - ironic-inspector-grenade-dsvm
         - ironic-inspector-tempest
         - ironic-inspector-tempest-discovery
+        - ironic-inspector-tempest-managed
         - ironic-inspector-non-standalone-tempest
         - openstack-tox-functional
         - openstack-tox-functional-py36