diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
index 23a22274e5b..47a905c1fe6 100644
--- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
+++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
@@ -108,6 +108,7 @@ import com.cloud.agent.api.MigrateCommand;
 import com.cloud.agent.api.ModifySshKeysCommand;
 import com.cloud.agent.api.ModifyStoragePoolAnswer;
 import com.cloud.agent.api.ModifyStoragePoolCommand;
+import com.cloud.agent.api.NetworkRulesSystemVmCommand;
 import com.cloud.agent.api.NetworkUsageAnswer;
 import com.cloud.agent.api.NetworkUsageCommand;
 import com.cloud.agent.api.PingCommand;
@@ -168,6 +169,7 @@ import com.cloud.host.Host.Type;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.Networks.RouterPrivateIpStrategy;
+import com.cloud.network.Networks.IsolationType;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.resource.ServerResource;
 import com.cloud.resource.ServerResourceBase;
@@ -865,6 +867,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
             	return execute((CheckSshCommand) cmd);
             } else if (cmd instanceof NetworkUsageCommand) {
             	return execute((NetworkUsageCommand) cmd);
+            } else if (cmd instanceof NetworkRulesSystemVmCommand) {
+               return execute((NetworkRulesSystemVmCommand)cmd);
             } else {
         		s_logger.warn("Unsupported command ");
                 return Answer.createUnsupportedCommandAnswer(cmd);
@@ -1724,6 +1728,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
 					_vms.put(cmd.getVmName(), State.Running);
 				}
 			}
+		
 			return new CheckVirtualMachineAnswer(cmd, state, vncPort);
 		} catch (LibvirtException e) {
 			return new CheckVirtualMachineAnswer(cmd, e.getMessage());
@@ -2224,7 +2229,12 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
 			if (vmSpec.getType() != VirtualMachine.Type.User) {
 				default_network_rules_for_systemvm(vmName);
 			} else {
-				default_network_rules(vmName, vmSpec.getNics()[0].getIp(), vmSpec.getId(), vmSpec.getNics()[0].getMac());
+			    NicTO[] nics = vmSpec.getNics();
+			    for (NicTO nic : nics) { 
+			        if (nic.getIsolationUri() != null && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) {
+			            default_network_rules(vmName, vmSpec.getNics()[0].getIp(), vmSpec.getId(), vmSpec.getNics()[0].getMac());
+			        }
+			    }
 			}
 
 			// Attach each data volume to the VM, if there is a deferred attached disk
@@ -3593,4 +3603,13 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
     	}
     	return storage;
     }
+    
+    private Answer execute(NetworkRulesSystemVmCommand cmd) {
+        boolean success = false;
+        if (cmd.getType() != VirtualMachine.Type.User) {
+            success = default_network_rules_for_systemvm(cmd.getVmName());
+        }
+        
+        return new Answer(cmd, success, "");
+    }
 }
diff --git a/core/src/com/cloud/agent/api/NetworkRulesSystemVmCommand.java b/core/src/com/cloud/agent/api/NetworkRulesSystemVmCommand.java
new file mode 100644
index 00000000000..79539051334
--- /dev/null
+++ b/core/src/com/cloud/agent/api/NetworkRulesSystemVmCommand.java
@@ -0,0 +1,69 @@
+package com.cloud.agent.api;
+
+import com.cloud.vm.VirtualMachine;
+
+public class NetworkRulesSystemVmCommand extends Command {
+    /**
+     * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
+     *
+     * This software is licensed under the GNU General Public License v3 or later.
+     *
+     * It is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or any later version.
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+     * GNU General Public License for more details.
+     *
+     * You should have received a copy of the GNU General Public License
+     * along with this program. If not, see <http://www.gnu.org/licenses/>.
+     *
+     */
+    
+     private String vmName;
+     private long vmId;
+     private String pubIp;
+     private String mac;
+     private VirtualMachine.Type type;
+    
+     protected NetworkRulesSystemVmCommand() {
+    
+     }
+    
+     public NetworkRulesSystemVmCommand(String vmName, VirtualMachine.Type type) {
+         this.vmName = vmName;
+     }
+     
+     public NetworkRulesSystemVmCommand(String vmName, long vmId, String publicIP, String mac, VirtualMachine.Type type) {
+         this.vmName = vmName;
+         this.vmId = vmId;
+         this.pubIp = publicIP;
+         this.mac = mac;
+         this.type = type;
+     }
+    
+     public String getVmName() {
+         return vmName;
+     }
+     
+     public long getVmId() {
+         return vmId;
+     }
+     
+     public String getIp() {
+         return pubIp;
+     }
+    
+     public String getMac() {
+         return mac;
+     }
+     
+     public VirtualMachine.Type getType() {
+         return type;
+     }
+     @Override
+     public boolean executeInSequence() {
+     return false;
+     }
+}
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 792f1b31bf9..dc32f46c8c6 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -92,6 +92,7 @@ import com.cloud.agent.api.MigrateCommand;
 import com.cloud.agent.api.ModifySshKeysCommand;
 import com.cloud.agent.api.ModifyStoragePoolAnswer;
 import com.cloud.agent.api.ModifyStoragePoolCommand;
+import com.cloud.agent.api.NetworkRulesSystemVmCommand;
 import com.cloud.agent.api.PingCommand;
 import com.cloud.agent.api.PingRoutingCommand;
 import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
@@ -441,6 +442,8 @@ public abstract class CitrixResourceBase implements ServerResource {
         	return execute((OvsDeleteFlowCommand)cmd);
         } else if (cmd instanceof CleanupNetworkRulesCmd){
             return execute((CleanupNetworkRulesCmd)cmd);
+        } else if (cmd instanceof NetworkRulesSystemVmCommand) {
+            return execute((NetworkRulesSystemVmCommand)cmd);
         } else {
             return Answer.createUnsupportedCommandAnswer(cmd);
         }
@@ -5664,4 +5667,17 @@ public abstract class CitrixResourceBase implements ServerResource {
 	protected String getGuestOsType(String stdType, boolean bootFromCD) {
 		return stdType;
 	}
+
+	private Answer execute(NetworkRulesSystemVmCommand cmd) {
+	    boolean success = true;
+	    Connection conn = getConnection();
+	    if (cmd.getType() != VirtualMachine.Type.User) {
+	        String result = callHostPlugin(conn, "vmops", "default_network_rules_systemvm", "vmName", cmd.getVmName());
+	        if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
+	            success = false;
+	        }
+	    }
+
+	    return new Answer(cmd, success, "");
+	}
 }
diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
index 923414dbb76..7ef58f453ee 100644
--- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
+++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java
@@ -39,6 +39,7 @@ import com.cloud.agent.api.CheckVirtualMachineCommand;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.MigrateAnswer;
 import com.cloud.agent.api.MigrateCommand;
+import com.cloud.agent.api.NetworkRulesSystemVmCommand;
 import com.cloud.agent.api.PrepareForMigrationAnswer;
 import com.cloud.agent.api.PrepareForMigrationCommand;
 import com.cloud.agent.api.StartAnswer;
@@ -91,6 +92,7 @@ import com.cloud.user.AccountManager;
 import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.user.dao.UserDao;
+import com.cloud.uservm.UserVm;
 import com.cloud.utils.Journal;
 import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Pair;
@@ -997,9 +999,17 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager {
             if (!ma.getResult()) {
                 return null;
             }
-            
+            Commands cmds = new Commands(OnError.Revert);
             CheckVirtualMachineCommand cvm = new CheckVirtualMachineCommand(vm.getInstanceName());
-            CheckVirtualMachineAnswer answer = (CheckVirtualMachineAnswer)_agentMgr.send(dstHostId, cvm);
+            cmds.addCommand(cvm);
+           
+            if (vm.getType() != VirtualMachine.Type.User) {
+                NetworkRulesSystemVmCommand nrc = new NetworkRulesSystemVmCommand(vm.getInstanceName(), vm.getType());
+                cmds.addCommand(nrc);
+            }
+            
+             _agentMgr.send(dstHostId, cmds);
+             CheckVirtualMachineAnswer answer = cmds.getAnswer(CheckVirtualMachineAnswer.class);
             if (!answer.getResult()) {
                 s_logger.debug("Unable to complete migration for " + vm.toString());
                 stateTransitTo(vm, VirtualMachine.Event.AgentReportStopped, null);