diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index c9196ad9171e12c5d6bbbf363820c078748702de..e8cdca9f831a5161a70e469ecc0f26fd90b1c933 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -770,6 +770,7 @@ enable_horizon: "{{ enable_openstack_core | bool }}"
 enable_horizon_blazar: "{{ enable_blazar | bool }}"
 enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
 enable_horizon_designate: "{{ enable_designate | bool }}"
+enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
 enable_horizon_heat: "{{ enable_heat | bool }}"
 enable_horizon_ironic: "{{ enable_ironic | bool }}"
 enable_horizon_magnum: "{{ enable_magnum | bool }}"
@@ -806,6 +807,7 @@ enable_neutron_vpnaas: "no"
 enable_neutron_sriov: "no"
 enable_neutron_mlnx: "no"
 enable_neutron_dvr: "no"
+enable_neutron_fwaas: "no"
 enable_neutron_qos: "no"
 enable_neutron_agent_ha: "no"
 enable_neutron_bgp_dragent: "no"
diff --git a/ansible/roles/horizon/defaults/main.yml b/ansible/roles/horizon/defaults/main.yml
index dcf4b526310763b6701345df28b1d5ec9686b251..04bf1763ac4ef999e2eb6b4b8f463005854acbac 100644
--- a/ansible/roles/horizon/defaults/main.yml
+++ b/ansible/roles/horizon/defaults/main.yml
@@ -9,6 +9,7 @@ horizon_services:
       ENABLE_BLAZAR: "{{ 'yes' if enable_horizon_blazar | bool else 'no' }}"
       ENABLE_CLOUDKITTY: "{{ 'yes' if enable_horizon_cloudkitty | bool else 'no' }}"
       ENABLE_DESIGNATE: "{{ 'yes' if enable_horizon_designate | bool else 'no' }}"
+      ENABLE_FWAAS: "{{ 'yes' if enable_horizon_fwaas | bool else 'no' }}"
       ENABLE_HEAT: "{{ 'yes' if enable_horizon_heat | bool else 'no' }}"
       ENABLE_IRONIC: "{{ 'yes' if enable_horizon_ironic | bool else 'no' }}"
       ENABLE_MAGNUM: "{{ 'yes' if enable_horizon_magnum | bool else 'no' }}"
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index fe01a5fc82ff3d5ef56464ec806876fcdb6d4eb2..4dd8213b34e8e3ea34824713b57d486cc139430c 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -656,6 +656,8 @@ neutron_metadata_workers: "{{ openstack_service_workers }}"
 # Subprojects
 ####################
 neutron_subprojects:
+  - name: "neutron-fwaas"
+    enabled: "{{ enable_neutron_fwaas | bool }}"
   - name: "networking-sfc"
     enabled: "{{ enable_neutron_sfc | bool }}"
   - name: "neutron-dynamic-routing"
@@ -725,6 +727,8 @@ neutron_modules_extra: []
 # Service Plugins
 ####################
 service_plugins:
+  - name: "firewall_v2"
+    enabled: "{{ enable_neutron_fwaas | bool }}"
   - name: "flow_classifier"
     enabled: "{{ enable_neutron_sfc | bool }}"
   - name: "metering"
@@ -783,6 +787,8 @@ agent_extensions:
 neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
 
 l3_agent_extensions:
+  - name: "fwaas_v2"
+    enabled: "{{ enable_neutron_fwaas | bool }}"
   - name: "vpnaas"
     enabled: "{{ enable_neutron_vpnaas | bool }}"
   - name: "port_forwarding"
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index 707f30072d8e39edafb625555d39d53ffc7cba53..ef5055e37890e02f4e4c6706e471210e0fc4dcb6 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -323,6 +323,28 @@
   notify:
     - "Restart {{ item.key }} container"
 
+- name: Copying over fwaas_driver.ini
+  become: true
+  vars:
+    service_name: "{{ item.key }}"
+    services_need_fwaas_driver_ini:
+      - "neutron-server"
+      - "neutron-l3-agent"
+  merge_configs:
+    sources:
+      - "{{ role_path }}/templates/fwaas_driver.ini.j2"
+      - "{{ node_custom_config }}/neutron/fwaas_driver.ini"
+    dest: "{{ node_config_directory }}/{{ service_name }}/fwaas_driver.ini"
+    mode: "0660"
+  when:
+    - enable_neutron_fwaas | bool
+    - item.key in services_need_fwaas_driver_ini
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ neutron_services }}"
+  notify:
+    - "Restart {{ item.key }} container"
+
 - name: Copying over metadata_agent.ini
   become: true
   vars:
diff --git a/ansible/roles/neutron/templates/fwaas_driver.ini.j2 b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b0df0858fbed108fc0b9aa49443605508c30be1b
--- /dev/null
+++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
@@ -0,0 +1,11 @@
+[fwaas]
+enabled = True
+{% if neutron_plugin_agent == 'vmware_nsxv' %}
+driver = vmware_nsxv_edge
+{% else %}
+agent_version = v2
+driver = iptables_v2
+
+[service_providers]
+service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
+{% endif %}
diff --git a/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2 b/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2
index 6960ae4bb4e6ab8ac7f13d6cfecf19e8d519bd77..028988e93d5bc4075bf21f6e09fa07126d9eddae 100644
--- a/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2
+++ b/ansible/roles/neutron/templates/neutron-l3-agent-wrapper.sh.j2
@@ -7,10 +7,14 @@ set -o errexit
 neutron-netns-cleanup \
         --config-file /etc/neutron/neutron.conf \
         --config-file /etc/neutron/l3_agent.ini \
+{% if enable_neutron_fwaas | bool %}
+        --config-file /etc/neutron/fwaas_driver.ini \
+{% endif %}
         --force --agent-type l3
 {% endif %}
 
 neutron-l3-agent \
         --config-file /etc/neutron/neutron.conf \
         --config-file /etc/neutron/neutron_vpnaas.conf \
-        --config-file /etc/neutron/l3_agent.ini \
+        --config-file /etc/neutron/l3_agent.ini{% if enable_neutron_fwaas | bool %} \
+        --config-file /etc/neutron/fwaas_driver.ini{% endif %}
diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
index 5c1d79c33071f1f03107efe33e1115d19c68ae63..cd36548419df854a50854f7010bcc9fc6a0d55d5 100644
--- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
@@ -18,7 +18,13 @@
             "dest": "/etc/neutron/neutron_vpnaas.conf",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if enable_neutron_fwaas | bool %},
+        {
+            "source": "{{ container_config_directory }}/fwaas_driver.ini",
+            "dest": "/etc/neutron/fwaas_driver.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        }{% endif %},
         {
             "source": "{{ container_config_directory }}/l3_agent.ini",
             "dest": "/etc/neutron/l3_agent.ini",
diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2
index 8d6904eac1b603b753af9ea2a7f6da623c9ca73f..1fe3b349f50548006280bd43ea0bb844f0390ab6 100644
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@@ -1,5 +1,5 @@
 {
-    "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
+    "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}{% if enable_neutron_fwaas | bool %}--config-file /etc/neutron/fwaas_driver.ini{% endif %}",
     "config_files": [
         {
             "source": "{{ container_config_directory }}/neutron.conf",
@@ -7,6 +7,14 @@
             "owner": "neutron",
             "perm": "0600"
         },
+{% if enable_neutron_fwaas | bool %}
+        {
+            "source": "{{ container_config_directory }}/fwaas_driver.ini",
+            "dest": "/etc/neutron/fwaas_driver.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        },
+{% endif %}
         {
             "source": "{{ container_config_directory }}/neutron_vpnaas.conf",
             "dest": "/etc/neutron/neutron_vpnaas.conf",
diff --git a/doc/source/reference/networking/neutron-extensions.rst b/doc/source/reference/networking/neutron-extensions.rst
index 8a8dbab05aae33eb86d000660d29cc58803e1c3b..2e8be4b138450b72980d1386593a82c9ab5cdca0 100644
--- a/doc/source/reference/networking/neutron-extensions.rst
+++ b/doc/source/reference/networking/neutron-extensions.rst
@@ -23,6 +23,25 @@ For setting up a testbed environment and creating a port chain, please refer
 to :networking-sfc-doc:`networking-sfc documentation
 <contributor/system_design_and_workflow.html>`.
 
+Neutron FWaaS (Firewall-as-a-Service)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Preparation and deployment
+--------------------------
+
+.. warning::
+
+   FWaaS has currently no support for OVN.
+
+Modify the ``/etc/kolla/globals.yml`` file as the following example shows:
+
+.. code-block:: yaml
+
+   enable_neutron_fwaas: "yes"
+
+For more information on FWaaS in Neutron refer to the
+:neutron-doc:`Neutron FWaaS docs <admin/fwaas.html>`.
+
 Neutron VPNaaS (VPN-as-a-Service)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -90,7 +109,7 @@ For more information on this and VPNaaS in Neutron refer to the
 and the `OpenStack wiki <https://wiki.openstack.org/wiki/Neutron/VPNaaS>`_.
 
 Trunking
---------
+~~~~~~~~
 
 The network trunk service allows multiple networks to be connected to an
 instance using a single virtual NIC (vNIC). Multiple networks can be presented
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index ee2aebf8769fa6320d3ac50d2880f8c82554ed73..a7ba2ebb23a54d4a62a17efc7d67ab3661d6d119 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -360,6 +360,7 @@ workaround_ansible_issue_8743: yes
 #enable_horizon_blazar: "{{ enable_blazar | bool }}"
 #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
 #enable_horizon_designate: "{{ enable_designate | bool }}"
+#enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
 #enable_horizon_heat: "{{ enable_heat | bool }}"
 #enable_horizon_ironic: "{{ enable_ironic | bool }}"
 #enable_horizon_magnum: "{{ enable_magnum | bool }}"
@@ -392,6 +393,7 @@ workaround_ansible_issue_8743: yes
 #enable_neutron_vpnaas: "no"
 #enable_neutron_sriov: "no"
 #enable_neutron_dvr: "no"
+#enable_neutron_fwaas: "no"
 #enable_neutron_qos: "no"
 #enable_neutron_agent_ha: "no"
 #enable_neutron_bgp_dragent: "no"
diff --git a/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml b/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c513e4684b9a595c9efe382eb8beca3af6fad13f
--- /dev/null
+++ b/releasenotes/notes/re-add-neutron-fwaas-fb2211cf78ba2eb7.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Re-added support for neutron-fwaas v2. Set ``enable_neutron_fwaas: yes``
+    to enable.