diff --git a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
index 4557de4de4b..172ee94f04b 100644
--- a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -219,7 +219,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
         if (sourceIpAddressId == null) {
             return null;
         }
-        return _ipAddressDao.findById(sourceIpAddressId);
+        IPAddressVO sourceIp = _ipAddressDao.findById(sourceIpAddressId);
+        if (sourceIp == null) {
+            throw new CloudRuntimeException("Unable to find IP address by id=" + sourceIpAddressId);
+        }
+
+        return sourceIp;
     }
 
     protected FirewallRule createIngressFirewallRuleForIsolatedIp(FirewallRule rule, Account caller, IPAddressVO sourceIp)
diff --git a/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java b/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
index cfe89c68117..35657ec0902 100644
--- a/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
+++ b/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
@@ -27,6 +27,7 @@ import com.cloud.network.Network.Service;
 import com.cloud.network.NetworkModel;
 import com.cloud.network.NetworkRuleApplier;
 import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
@@ -43,6 +44,7 @@ import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.DomainManager;
 import com.cloud.utils.component.ComponentContext;
+import com.cloud.utils.exception.CloudRuntimeException;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.network.RoutedIpv4Manager;
 import org.junit.After;
@@ -97,6 +99,8 @@ public class FirewallManagerTest {
     FirewallRulesDao _firewallDao;
     @Mock
     NetworkDao _networkDao;
+    @Mock
+    IPAddressDao _ipAddressDao;
 
     @Spy
     @InjectMocks
@@ -694,4 +698,10 @@ public class FirewallManagerTest {
         IPAddressVO result = _firewallMgr.getSourceIpForIngressRule(null);
         Assert.assertNull(result);
     }
+
+    @Test(expected = CloudRuntimeException.class)
+    public void testGetSourceIpForIngressRuleReturnsNullWhenIpIsnotPresent() {
+        when(_ipAddressDao.findById(1L)).thenReturn(null);
+        _firewallMgr.getSourceIpForIngressRule(1L);
+    }
 }