diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index bc3ad3aee..b90de2e14 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -1,4 +1,4 @@
-{% if grains['role'] == 'so-master' %}
+{% if grains['role'] == 'so-SENSOR' or grains['role'] == 'so-eval' %}
 {%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
 cluster.name: "{{ esclustername }}"
 network.host: 0.0.0.0
@@ -19,6 +19,6 @@ discovery.zen.minimum_master_nodes: 1
 path.logs: /var/log/elasticsearch
 action.destructive_requires_name: true
 transport.bind_host: 0.0.0.0
-transport.publish_host: {{ nodeip }} 
+transport.publish_host: {{ nodeip }}
 transport.publish_port: 9300
 {%- endif %}
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 6b0a3737e..b79a57f31 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -87,7 +87,7 @@ enable_docker_user_established:
     - ctstate: 'RELATED,ESTABLISHED'
 
 # Rules if you are a Master
-{% if grains['role'] == 'so-master' %}
+{% if grains['role'] == 'so-SENSOR' or grains['role'] == 'so-eval' %}
 #This should be more granular
 iptables_allow_master_docker:
   iptables.insert:
diff --git a/so-setup-network.sh b/so-setup-network.sh
index 6303c77ec..d348bb839 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -1338,9 +1338,9 @@ if (whiptail_you_sure); then
     configure_minion eval
     set_node_type
     node_pillar
+    set_initial_firewall_policy
     salt_firstcheckin
     accept_salt_key_local
-    set_initial_firewall_policy
     salt_checkin_message
     salt_checkin
     checkin_at_boot