diff --git a/packstack/plugins/qpid_002.py b/packstack/plugins/qpid_002.py
index 903db1ac3..2325010f9 100644
--- a/packstack/plugins/qpid_002.py
+++ b/packstack/plugins/qpid_002.py
@@ -207,9 +207,7 @@ def createmanifest(config):
     manifestdata = ""
     ssl_manifestdata = ""
     server = utils.ScriptRunner(config['CONFIG_QPID_HOST'])
-    ports = set(["'5672'"])
     if config['CONFIG_QPID_ENABLE_SSL'] == 'y':
-        ports.add("'%s'" % (config['CONFIG_QPID_SSL_PORT']))
         config['CONFIG_QPID_ENABLE_SSL'] = 'true'
         config['CONFIG_QPID_PROTOCOL'] = 'ssl'
         config['CONFIG_QPID_CLIENTS_PORT'] = "5671"
@@ -240,11 +238,15 @@ def createmanifest(config):
     #All hosts should be able to talk to qpid
     hosts = ["'%s'" % i for i in filtered_hosts(config, exclude=False)]
     # if the rule already exists for one port puppet will fail
-    # we have to add them by separate
-    for port in ports:
-        config['FIREWALL_ALLOWED'] = ','.join(hosts)
-        config['FIREWALL_SERVICE_NAME'] = "qpid - %s" % (port)
-        config['FIREWALL_PORTS'] = port
-        manifestdata += getManifestTemplate("firewall.pp")
+    # so i had to add always both qpid ports (plain and SSL) in order
+    # to avoid rule changes, this is due some problematic behaviour of
+    # the puppet firewall module
+    # this is a temporary solution, as soon as the firewall module is
+    # updated we'll go back to previous state in which we open just
+    # the needed ports
+    config['FIREWALL_ALLOWED'] = ','.join(hosts)
+    config['FIREWALL_SERVICE_NAME'] = "qpid"
+    config['FIREWALL_PORTS'] =  "'5671', '5672'"
+    manifestdata += getManifestTemplate("firewall.pp")
 
     appendManifestFile(manifestfile, manifestdata, 'pre')
diff --git a/packstack/puppet/templates/qpid_ssl.pp b/packstack/puppet/templates/qpid_ssl.pp
index 835cfd459..21312ac26 100644
--- a/packstack/puppet/templates/qpid_ssl.pp
+++ b/packstack/puppet/templates/qpid_ssl.pp
@@ -4,13 +4,20 @@ group { 'qpidd':
     ensure => 'present',
 }
 
+exec { 'stop_qpid' :
+        command => '/sbin/service qpidd stop',
+}
+
 user { 'qpidd':
     ensure     => 'present',
     managehome => true,
     home       => '/var/run/qpidd',
-    require => Group['qpidd']
+    require => Group['qpidd'],
+    before => Class['qpid::server']
 }
 
+Exec['stop_qpid']->User['qpidd']
+
 file { 'pid_dir':
     path => '/var/run/qpidd',
     ensure => directory,