diff --git a/roles/ipareplica/defaults/main.yml b/roles/ipareplica/defaults/main.yml
index a9dc4f91ba0925160105d65dc833ec10ab86ce93..d60c68c93a5005c0c93faa7a9c5b6451306c4fa2 100644
--- a/roles/ipareplica/defaults/main.yml
+++ b/roles/ipareplica/defaults/main.yml
@@ -39,4 +39,5 @@ ipareplica_ignore_last_of_role: no
 ### additional ###
 ### packages ###
 ipareplica_install_packages: yes
-ipareplica_no_firewalld: no
+### firewalld ###
+ipareplica_setup_firewalld: yes
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index 263fd8c649f81aa367f26f0fe8b735ea0011faf3..53e58bb3ed9656a2b756d013af5729de16b9544b 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -95,7 +95,7 @@
       --add-service=freeipa-replication
       {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
-    when: not ipareplica_no_firewalld | bool
+    when: ipareplica_setup_firewalld | bool
 
   - name: Install - Configure firewalld runtime
     command: >
@@ -105,7 +105,7 @@
       --add-service=freeipa-replication
       {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
-    when: not ipareplica_no_firewalld | bool
+    when: ipareplica_setup_firewalld | bool
 
   - name: Install - Replica preparation
     ipareplica_prepare:
diff --git a/roles/ipaserver/defaults/main.yml b/roles/ipaserver/defaults/main.yml
index edf3c5d303d75e61e4652447b4e0a49b1933e867..57d611e04619637c4c73be92506afe85d40b6a9d 100644
--- a/roles/ipaserver/defaults/main.yml
+++ b/roles/ipaserver/defaults/main.yml
@@ -33,7 +33,7 @@ ipaserver_setup_ca: yes
 ### packages ###
 ipaserver_install_packages: yes
 ### firewalld ###
-ipaserver_no_firewalld: no
+ipaserver_setup_firewalld: yes
 
 ### additional ###
 ipaserver_allow_missing: [ ]
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 196a64d87c05f5957bf9ad2b1411d2839b6a45df..7808dd46f7042dd2ecac5bc5a3381dfe54c25017 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -378,7 +378,7 @@
       --add-service=freeipa-ldaps
       {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
-    when: not ipaserver_no_firewalld | bool
+    when: ipaserver_setup_firewalld | bool
 
   - name: Install - Configure firewalld runtime
     command: >
@@ -387,4 +387,4 @@
       --add-service=freeipa-ldaps
       {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
-    when: not ipaserver_no_firewalld | bool
+    when: ipaserver_setup_firewalld | bool