diff --git a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml
index 61c941aef..91b72e534 100644
--- a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml
+++ b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml
@@ -69,3 +69,6 @@ tripleo_backup_and_restore_ceph_backup_file: "/var/lib/ceph.tar.gz"
 
 # Ceph directory to back up
 tripleo_backup_and_restore_ceph_path: "/var/lib/ceph"
+
+# If there is a firewalld active, setup the zone where the NFS server ports need to be opened
+tripleo_backup_and_restore_firewalld_zone: "libvirt"
diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml b/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml
index 711999cd5..ae2250077 100644
--- a/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml
+++ b/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml
@@ -68,6 +68,38 @@
   tags:
     - bar_setup_nfs_server
 
+- name: Gather status of services running on the system
+  service_facts:
+  register: services_state
+  ignore_errors: true
+  tags:
+    - bar_setup_nfs_server
+
+- name: Open ports in firewalld
+  become: true
+  block:
+    - name: Allow NFS port 111 in the firewall
+      firewalld:
+        port: 111/tcp
+        permanent: true
+        immediate: true
+        state: enabled
+        zone: "{{ tripleo_backup_and_restore_firewalld_zone }}"
+
+    - name: Allow NFS port 2049 in the firewall
+      firewalld:
+        port: 2049/tcp
+        permanent: true
+        immediate: true
+        state: enabled
+        zone: "{{ tripleo_backup_and_restore_firewalld_zone }}"
+  when: >
+        services_state is defined and
+        services_state.ansible_facts.services['firewalld.service'] is defined and
+        services_state.ansible_facts.services['firewalld.service'].state == "running"
+  tags:
+    - bar_setup_nfs_server
+
 - name: Enable the NFS service in the NFS server
   become: true
   systemd: