diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml
index 6289c70124fe3b3cc88fc17b809365d43ffb461b..cc5c83dd1a1e93c34771c86d5ff73b262a941272 100644
--- a/host_vars/gulp.adm.crans.org.yml
+++ b/host_vars/gulp.adm.crans.org.yml
@@ -7,6 +7,9 @@ interfaces:
   wifi_new: ens1f0.22
   zayo: ens1f0.26
 
+firewall:
+  version: gulp
+
 loc_keepalived:
   instances:
     - name: router
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
index 284bf31ab302d4a78f6c69e18faeb7c0393987aa..c3d4db4a374c7621d472fe85d8335f965cdef3cd 100644
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -7,6 +7,8 @@ interfaces:
   adh: ens22
   adh_nat: ens23
 
+firewall:
+  version: HEAD
 
 loc_keepalived:
   instances:
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index 9c76a9586e77a124b1c29d7fddb1d8037f748bc8..ea5639d516378eaf138f6220f35bcf2bf4c362e0 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -8,6 +8,8 @@ interfaces:
   adh_nat: ens23
   srv_old: ens1
 
+firewall:
+  version: HEAD
 
 loc_keepalived:
   instances:
diff --git a/hosts b/hosts
index 0d5280dcb98a59c77ed9cc948a79bbe86ba469ee..a4c03b0cd771cde63544bee319b9d9e1374c68f2 100644
--- a/hosts
+++ b/hosts
@@ -69,6 +69,7 @@ tealc.adm.crans.org
 sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
+gulp.adm.crans.org
 
 [crans_vm]
 voyager.adm.crans.org
diff --git a/plays/firewall.yml b/plays/firewall.yml
index 720c2f971e024ee0a73c906d20223d15d691922b..75a2f0710ffd58e21bfb68ba8cb3a8158276c236 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
@@ -10,7 +10,7 @@
     - arp-proxy
 
 # Deploy firewall
-- hosts: crans_routeurs
+- hosts: crans_routeurs,gulp.adm.crans.org
   vars:
     re2o:
       server: re2o.adm.crans.org
@@ -20,7 +20,7 @@
     - firewall
 
 # Deploy BGP server configuration on IPv4 routers
-- hosts: crans_routeurs
+- hosts: crans_routeurs,gulp.adm.crans.org
   vars:
     zebra:
       password: "{{ vault_zebra_password }}"
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index b5801290939f25f3921b952f38037cf0e37af3a2..1d4879ec05086f82dc2fad6c7fc975ee07cc1df1 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -31,6 +31,7 @@
 - name: Clone firewall repository
   git:
     repo: 'http://gitlab.adm.crans.org/nounous/firewall.git'
+    version: "{{ firewall.version }}"
     dest: /var/local/firewall
     umask: '002'