diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 450f6e194..638bc85ff 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -422,6 +422,9 @@ firewall:
                 - yum
                 - docker_registry
                 - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
@@ -582,6 +585,9 @@ firewall:
                 - yum
                 - docker_registry
                 - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
@@ -752,6 +758,9 @@ firewall:
                 - yum
                 - docker_registry
                 - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
diff --git a/salt/logstash/enabled.sls b/salt/logstash/enabled.sls
index bb1c2f472..abc28cfe6 100644
--- a/salt/logstash/enabled.sls
+++ b/salt/logstash/enabled.sls
@@ -58,7 +58,7 @@ so-logstash:
       - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
       - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
       {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-eval','so-fleet', 'so-heavynode'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-eval','so-fleet', 'so-heavynode', 'so-receiver'] %}
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.crt:/usr/share/logstash/elasticfleet-logstash.crt:ro
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.p8:/usr/share/logstash/elasticfleet-logstash.key:ro
       {% endif %}
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index e077d55d0..96953ffff 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -140,7 +140,7 @@ rediskeyperms:
     - group: 939
 {% endif %}
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 # Create cert for Elastic Fleet Host
 
 etc_elasticfleet_key:
diff --git a/salt/vars/receiver.map.jinja b/salt/vars/receiver.map.jinja
new file mode 100644
index 000000000..964f69663
--- /dev/null
+++ b/salt/vars/receiver.map.jinja
@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}