diff --git a/defaults/main.yml b/defaults/main.yml
index 650d9e3d..a1df76d1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -53,6 +53,8 @@ neutron_pip_package_state: "latest"
 # Source git repo/branch settings
 neutron_git_repo: https://opendev.org/openstack/neutron
 neutron_git_install_branch: master
+neutron_fwaas_git_repo: https://opendev.org/openstack/neutron-fwaas
+neutron_fwaas_git_install_branch: master
 neutron_vpnaas_git_repo: https://opendev.org/openstack/neutron-vpnaas
 neutron_vpnaas_git_install_branch: master
 neutron_dynamic_routing_git_repo: https://opendev.org/openstack/neutron-dynamic-routing
@@ -338,7 +340,7 @@ neutron_ipv6_ptr_zone_prefix_size: 116
 # Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.
 # neutron_plugin_base:
 # - router
-# - firewall/firewall_v2 either one or the other, not both
+# - firewall_v2
 # - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin
 # - vpnaas
 # - metering
@@ -446,6 +448,13 @@ neutron_nova_metadata_protocol: "{{ nova_metadata_protocol | default('http') }}"
 # this flag should be set to a boolean True.
 neutron_nova_metadata_insecure: "{{ nova_metadata_insecure | default(False) }}"
+###
+### FWaaS Configuration
+###
+
+neutron_driver_fwaasv2: iptables_v2
+neutron_fwaasv2_service_provider: FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
+
 ###
 ### VPNaaS Configuration
 ###
diff --git a/templates/l3_agent.ini.j2 b/templates/l3_agent.ini.j2
index b6b6a889..c6e5f377 100644
--- a/templates/l3_agent.ini.j2
+++ b/templates/l3_agent.ini.j2
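Review bot: `neutron_fwaas_git_install_branch: master` is a moving ref, and vars/main.yml in this commit feeds it straight into the pip requirement `git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas`, so a source install builds whatever the branch tip holds at deploy time. That matches the neighbouring neutron and vpnaas defaults, so the default itself can stay. A comment above the new pair would make the expectation explicit, e.g. `# Override the branch with a tag or commit SHA for reproducible, reviewable builds`.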
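Review bot: The two new defaults under "FWaaS Configuration" carry no comment, and the value of `neutron_fwaasv2_service_provider` is an unquoted scalar full of colons that parses as a string only because no colon is followed by a space. Wrapping that value in double quotes removes the fragility without changing what is rendered. Each variable should also get a one-line comment naming its consumer in this commit: `neutron_driver_fwaasv2` becomes `driver` in the `[fwaas]` block of l3_agent.ini.j2, and `neutron_fwaasv2_service_provider` becomes a `service_provider` line in neutron.conf.j2. The names are also inconsistent with each other (`neutron_driver_fwaasv2` versus `neutron_fwaasv2_service_provider`); `neutron_fwaasv2_driver` would sort and grep with its sibling.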
@@ -26,6 +26,16 @@ enable_metadata_proxy = True
 # L3 plugins
 {% set l3_agent_plugins = [] %}
+{% if neutron_fwaas_v2 | bool %}
+# FWaaS v2
+{% set _ = l3_agent_plugins.append("fwaas_v2") %}
+[fwaas]
+enabled = true
+driver = {{ neutron_driver_fwaasv2 }}
+agent_version = v2
+firewall_l2_driver = noop
+{% endif %}
+
 {% if neutron_vpnaas | bool %}
 # VPNaaS
 {% set _ = l3_agent_plugins.append("vpnaas") %}
diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2
index 91bc56ac..8aae17f5 100644
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@@ -212,6 +212,9 @@ connection_recycle_time = {{ neutron_db_connection_recycle_time }}
 {% if neutron_vpnaas | bool %}
 service_provider = {{ neutron_vpnaas_service_provider }}
 {% endif %}
+{% if neutron_fwaas_v2 | bool %}
+service_provider = {{ neutron_fwaasv2_service_provider }}
+{% endif %}
 {% endif %}
diff --git a/vars/debian.yml b/vars/debian.yml
index 44ee77aa..ab62da14 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -87,6 +87,9 @@ neutron_optional_ovs_distro_packages:
 neutron_optional_lxb_distro_packages:
 - neutron-linuxbridge-agent
+neutron_optional_fwaas_distro_packages:
+ - python3-neutron-fwaas
+
 neutron_optional_vpnaas_distro_packages:
 - neutron-vpnaas-agent
diff --git a/vars/distro_install.yml b/vars/distro_install.yml
index ace5dd12..4b8d572e 100644
--- a/vars/distro_install.yml
+++ b/vars/distro_install.yml
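Review bot: `firewall_l2_driver = noop` is hard-coded in the new `[fwaas]` block while the L3 `driver` next to it comes from `neutron_driver_fwaasv2`. If this option is what selects port-level enforcement in a given deployment, firewall groups bound to instance ports could be accepted by the API without being enforced, and the role offers no variable to change that. Consider templating it the same way, e.g. `firewall_l2_driver = {{ neutron_fwaasv2_l2_driver | default('noop') }}` (the variable name is only a suggestion), with the default documented in defaults/main.yml. Separately, the `[fwaas]` header opens a new INI section in the middle of the plugin-list logic, so any option rendered after this `{% endif %}` and before the next section header would land in `[fwaas]` when the feature is on. The rest of the template is outside the hunk, so that needs checking against the full file.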
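Review bot: The new `service_provider = {{ neutron_fwaasv2_service_provider }}` line sits inside an outer `{% if %}` that is closed by the trailing `{% endif %}` context line. Its condition lies above the hunk and is not touched by this commit, so it was written before FWaaS was templated here. If that outer test is not true when `firewall_v2` is the only optional service plugin enabled, neutron-server would load the plugin without its `FIREWALL_V2` provider entry and the failure would only show at service start. Please confirm the enclosing condition also covers `neutron_fwaas_v2 | bool`, or extend it in this change.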
@@ -36,6 +36,9 @@ neutron_package_list: |-
 {% set _ = packages.extend(neutron_lxb_distro_packages) %}
 {% set _ = packages.extend(neutron_optional_lxb_distro_packages) %}
 {% endif %}
+ {% if neutron_services['neutron-l3-agent']['group'] in group_names and neutron_fwaas_v2 | bool %}
+ {% set _ = packages.extend(neutron_optional_fwaas_distro_packages) %}
+ {% endif %}
 {% if neutron_services['neutron-l3-agent']['group'] in group_names and neutron_vpnaas | bool %}
 {% set _ = packages.extend(neutron_vpnaas_distro_packages) %}
 {% set _ = packages.extend(neutron_optional_vpnaas_distro_packages) %}
diff --git a/vars/main.yml b/vars/main.yml
index 2e2ef32b..daa8bf48 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -53,6 +53,9 @@ neutron_optional_calico_pip_packages:
 - python-etcd
 - etcd3gw
+neutron_optional_fwaas_pip_packages:
+ - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas"
+
 neutron_optional_vpnaas_pip_packages:
 - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas"
@@ -84,6 +87,9 @@ neutron_venv_packages: >-
 {%- if neutron_bgp | bool %}
 {%- set _ = pkg_list.extend(neutron_optional_bgp_pip_packages) %}
 {%- endif %}
+ {%- if neutron_fwaas_v2 | bool %}
+ {%- set _ = pkg_list.extend(neutron_optional_fwaas_pip_packages) %}
+ {%- endif %}
 {%- if neutron_vpnaas | bool %}
 {%- set _ = pkg_list.extend(neutron_optional_vpnaas_pip_packages) %}
 {%- endif %}
@@ -302,6 +308,7 @@ neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% els
 ###
 ### FWaaS Plugin Configuration
 ###
+neutron_fwaas_v2: "{{ ('firewall_v2' in neutron_plugin_base) | ternary('True', 'False') }}"
 ###
 ### VPNaaS Plugin Configuration
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 28946799..e8fa7091 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
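Review bot: The FWaaS distro package is added only on hosts in the `neutron-l3-agent` group, yet the `neutron_fwaasv2_service_provider` default points at a class under `neutron_fwaas.services.firewall...`, which presumably has to be importable wherever neutron-server loads the `firewall_v2` plugin. The source-install path in vars/main.yml (`neutron_venv_packages`) adds the pip package on `neutron_fwaas_v2 | bool` alone, so the two install methods disagree about which hosts get the code. If server and L3 agent can run on different hosts, drop the group test here: `{% if neutron_fwaas_v2 | bool %}`. The enclosing `neutron_package_list` block starts and ends outside the hunk.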
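Review bot: `neutron_fwaas_v2` is true only when the literal alias `firewall_v2` appears in `neutron_plugin_base`, and every FWaaS package and template block in this commit is gated on it. If a deployer lists the plugin under any other name, the `[fwaas]` section, the `service_provider` line and the packages would be silently skipped; how neutron resolves such names is not visible here. A comment would make the contract explicit, e.g. `# Derived flag: FWaaS v2 packages and config are rendered only when the 'firewall_v2' alias is in neutron_plugin_base`. The `| ternary('True', 'False')` wrapper also looks redundant, since the `in` test already yields a boolean and every consumer in this commit applies `| bool`.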
@@ -79,6 +79,9 @@ neutron_optional_ovs_distro_packages:
 neutron_optional_lxb_distro_packages:
 - openstack-neutron-linuxbridge
+neutron_optional_fwaas_distro_packages:
+ - openstack-neutron-fwaas
+
 neutron_optional_vpnaas_distro_packages:
 - openstack-neutron-vpnaas