diff --git a/tools/ovn_migration/tripleo_environment/playbooks/ovn-migration.yml b/tools/ovn_migration/tripleo_environment/playbooks/ovn-migration.yml
index c0c73dadec6..4a00441d12f 100644
--- a/tools/ovn_migration/tripleo_environment/playbooks/ovn-migration.yml
+++ b/tools/ovn_migration/tripleo_environment/playbooks/ovn-migration.yml
@@ -13,6 +13,15 @@
   tags:
     - pre-migration
 
+
+- name: Pre migration checks in the OVN controllers
+  hosts: ovn-controllers
+  roles:
+    - pre-checks/ovn-controllers
+  tags:
+    - pre-migration
+
+
 #
 # This step is executed before migration, and will backup some config
 # files related to containers before those get lost.
diff --git a/tools/ovn_migration/tripleo_environment/playbooks/roles/pre-checks/ovn-controllers/tasks/main.yml b/tools/ovn_migration/tripleo_environment/playbooks/roles/pre-checks/ovn-controllers/tasks/main.yml
new file mode 100644
index 00000000000..7f8ebc410e9
--- /dev/null
+++ b/tools/ovn_migration/tripleo_environment/playbooks/roles/pre-checks/ovn-controllers/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Read OVS configuration file and extract "firewall_driver" variable.
+  set_fact:
+    firewall_driver: "{{ lookup('ini', 'firewall_driver section=securitygroup file=/var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/openvswitch_agent.ini', allow_no_value=True) }}"
+
+- name: Check OVS agent firewall is not using "iptables_hybrid" option
+  assert:
+    that:
+      - "'iptables_hybrid' != firewall_driver"
+    fail_msg: "OVS agent firewall cannot be 'iptables_hybrid', migration will not continue"