diff --git a/neutron/agent/linux/openvswitch_firewall/firewall.py b/neutron/agent/linux/openvswitch_firewall/firewall.py
index 42bb1a7b048..786a2d6a199 100644
--- a/neutron/agent/linux/openvswitch_firewall/firewall.py
+++ b/neutron/agent/linux/openvswitch_firewall/firewall.py
@@ -534,7 +534,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
             if of_port.ofport != ovs_port.ofport:
                 self.sg_port_map.remove_port(of_port)
                 of_port = OFPort(port, ovs_port, of_port.vlan_tag)
-            self.sg_port_map.update_port(of_port, port)
+                self.sg_port_map.create_port(of_port, port)
+            else:
+                self.sg_port_map.update_port(of_port, port)
 
         return of_port
 
diff --git a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
index 7914efdd937..1048a72f3a2 100644
--- a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
+++ b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
@@ -475,6 +475,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
         self.mock_bridge.br.get_vif_port_by_id.return_value = \
             fake_ovs_port
         port = self.firewall.get_or_create_ofport(port_dict)
+        self.assertIn(of_port.id, self.firewall.sg_port_map.ports.keys())
         self.assertEqual(port.ofport, 2)
 
     def test_get_or_create_ofport_missing(self):