diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 0b6cbe2c2a..f46d2a7009 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2860,6 +2860,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 
         with db_api.context_manager.writer.using(context):
             original_port = super(NsxV3Plugin, self).get_port(context, id)
+            self._remove_provider_security_groups_from_list(original_port)
             port_data = port['port']
             nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
                 context.session, id)
@@ -2918,6 +2919,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                     raise n_exc.InvalidInput(error_message=msg)
                 self._update_mac_learning_state(context, id,
                                                 mac_learning_state)
+            self._remove_provider_security_groups_from_list(updated_port)
 
         address_bindings = self._build_address_bindings(updated_port)
         if port_security and address_bindings:
diff --git a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
index 83742c6738..0f19a678e1 100644
--- a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
+++ b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
@@ -344,7 +344,20 @@ class ProviderSecurityGroupExtTestCase(
 
 class TestNSXv3ProviderSecurityGrp(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,
                                    ProviderSecurityGroupExtTestCase):
-    pass
+
+    def test_update_port_remove_provider_sg(self):
+        # need to create provider security group first.
+        self._create_provider_security_group()
+        with self.port(tenant_id=self._tenant_id) as p:
+            body = {'port': {'provider_security_groups': []}}
+            req = self.new_update_request('ports', body, p['port']['id'])
+            port = self.deserialize(self.fmt, req.get_response(self.api))
+            # confirm that the group has been removed.
+            self.assertEqual([], port['port']['provider_security_groups'])
+            # make sure that the security groups did not contain the provider
+            # security group
+            self.assertEqual(p['port']['security_groups'],
+                             port['port']['security_groups'])
 
 
 class TestNSXvProviderSecurityGroup(test_nsxv_plugin.NsxVPluginV2TestCase,