diff --git a/roles/float-infra-haproxy/templates/firewall/20haproxy.j2 b/roles/float-infra-haproxy/templates/firewall/20haproxy.j2
index ce02899bdae4510e50ace2c0eed48cf6ff02c229..6460e7fe115d1c2a9a1ad2d599564154968580a1 100644
--- a/roles/float-infra-haproxy/templates/firewall/20haproxy.j2
+++ b/roles/float-infra-haproxy/templates/firewall/20haproxy.j2
@@ -1,11 +1,11 @@
-{% for service_name, service in services|dictsort %}
+{% for service_name, service in services | dictsort %}
 {% for ep in service.get('public_tcp_endpoints', []) %}
 {% if ep.get('ports', []) %}
 {% for port in ep.ports %}
 allow_port tcp {{ port }}
 {% endfor %}
 {% else %}
-allow_port tcp {{ ep.port }}
+allow_port tcp {{ ep.public_port | default(ep.port) }}
 {% endif %}
 {% endfor %}
 {% endfor %}
diff --git a/roles/float-infra-haproxy/templates/haproxy.cfg.j2 b/roles/float-infra-haproxy/templates/haproxy.cfg.j2
index 23e1263ff927df794382f90447c148a8461b9a48..e8dce8b4f3ab8529c2be8758f877a027fdf2bc9d 100644
--- a/roles/float-infra-haproxy/templates/haproxy.cfg.j2
+++ b/roles/float-infra-haproxy/templates/haproxy.cfg.j2
@@ -47,11 +47,11 @@ backend be_{{ service_name }}_{{ ep.name }}_{{ port }}
 {% endfor %} # ep.ports
 
 {% else %}
-frontend fe_{{ service_name }}_{{ ep.name }}_{{ ep.port }}
-        bind :::{{ ep.port }}
+{% set public_port = ep.public_port | default(ep.port) %}
+frontend fe_{{ service_name }}_{{ ep.name }}_{{ public_port }}
+        bind :::{{ public_port }}
         default_backend be_{{ service_name }}_{{ ep.name }}_{{ ep.port }}
 
-
 backend be_{{ service_name }}_{{ ep.name }}_{{ ep.port }}
         log global
         balance leastconn