diff --git a/salt/firewall/defaults_soc_firewall.yaml b/salt/firewall/soc/defaults_soc_firewall.yaml
similarity index 100%
rename from salt/firewall/defaults_soc_firewall.yaml
rename to salt/firewall/soc/defaults_soc_firewall.yaml
diff --git a/salt/firewall/soc/init.sls b/salt/firewall/soc/init.sls
new file mode 100644
index 000000000..2530606cc
--- /dev/null
+++ b/salt/firewall/soc/init.sls
@@ -0,0 +1,5 @@
+soc_firewall_yaml:
+  file.managed:
+    - name: /opt/so/saltstack/local/salt/firewall/soc_firewall.yaml
+    - source: salt://firewall/soc/soc_firewall.yaml.jinja
+    - template: jinja
diff --git a/salt/firewall/soc/soc.map.jinja b/salt/firewall/soc/soc.map.jinja
new file mode 100644
index 000000000..cd3fa0401
--- /dev/null
+++ b/salt/firewall/soc/soc.map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
+{% set SOC_FIREWALL = salt['pillar.get'}('firewall:custom_groups:groups', DEFAULT_SOC_FIREWALL.firewall.hostgroups, merge=True) %}
diff --git a/salt/firewall/soc/soc_firewall.yaml.jinja b/salt/firewall/soc/soc_firewall.yaml.jinja
new file mode 100644
index 000000000..916fd83d1
--- /dev/null
+++ b/salt/firewall/soc/soc_firewall.yaml.jinja
@@ -0,0 +1 @@
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL %}