diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index 548db9e843..ade238f55e 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -31,6 +31,7 @@ resource_registry:
 parameter_defaults:
   # ensure we enable ip_forward before docker gets run
   KernelIpForward: 1
+  KernelIpNonLocalBind: 1
   KeystoneCorsAllowedOrigin: '*'
   # Increase the Token expiration time until we fix the actual session bug:
   # https://bugs.launchpad.net/tripleo/+bug/1761050
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index c6fa57f7fc..004f5ef4ae 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -42,6 +42,10 @@ parameters:
     default: 1
     description: Configures net.ipv4.ip_forward key
     type: number
+  KernelIpNonLocalBind:
+    default: 0
+    description: Configures net.ipv{4,6}.ip_nonlocal_bind key
+    type: number
   NeighbourGcThreshold1:
     default: 1024
     description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
@@ -144,6 +148,10 @@ outputs:
               # enable/disable ip forward for undercloud/docker
               net.ipv4.ip_forward:
                 value: {get_param: KernelIpForward}
+              net.ipv4.ip_nonlocal_bind:
+                value: {get_param: KernelIpNonLocalBind}
+              net.ipv6.ip_nonlocal_bind:
+                value: {get_param: KernelIpNonLocalBind}
               # prevent neutron bridges from autoconfiguring ipv6 addresses
               net.ipv6.conf.all.accept_ra:
                 value: 0