diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java
index 5c643b25f7e..236a5a84e37 100644
--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -37,12 +37,12 @@ public interface Network extends ControlledEntity {
     public static class Service {
         private static List<Service> supportedServices = new ArrayList<Service>();
 
-        public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnTypes);
+        public static final Service Vpn = new Service("Vpn", Capability.SupportedVpnProtocols, Capability.VpnTypes);
         public static final Service Dhcp = new Service("Dhcp");
         public static final Service Dns = new Service("Dns", Capability.AllowDnsSuffixModification);
         public static final Service Gateway = new Service("Gateway");
         public static final Service Firewall = new Service("Firewall", Capability.SupportedProtocols, 
-                Capability.MultipleIps, Capability.TrafficStatistics);
+                Capability.MultipleIps, Capability.TrafficStatistics, Capability.FirewallType);
         public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation,
                 Capability.SupportedProtocols, Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, 
                 Capability.SupportedStickinessMethods, Capability.ElasticLb);
@@ -152,13 +152,16 @@ public interface Network extends ControlledEntity {
         public static final Capability SupportedStickinessMethods = new Capability("SupportedStickinessMethods");
         public static final Capability MultipleIps = new Capability("MultipleIps");
         public static final Capability SupportedSourceNatTypes = new Capability("SupportedSourceNatTypes");
-        public static final Capability SupportedVpnTypes = new Capability("SupportedVpnTypes");
+        public static final Capability SupportedVpnProtocols = new Capability("SupportedVpnTypes");
+        public static final Capability VpnTypes = new Capability("VpnTypes");
         public static final Capability TrafficStatistics = new Capability("TrafficStatistics");
         public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps");
         public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification");
         public static final Capability RedundantRouter = new Capability("RedundantRouter");
         public static final Capability ElasticIp = new Capability("ElasticIp");
         public static final Capability ElasticLb = new Capability("ElasticLb");
+        public static final Capability FirewallType = new Capability("FirewallType");
+
 
         private String name;
 
diff --git a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
index 0473291d15d..1aa23daef4a 100644
--- a/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
+++ b/server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
@@ -266,6 +266,7 @@ public class JuniperSRXExternalFirewallElement extends ExternalFirewallDeviceMan
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         // Disabling VPN for Juniper in Acton as it 1) Was never tested 2) probably just doesn't work
diff --git a/server/src/com/cloud/network/element/NetscalerElement.java b/server/src/com/cloud/network/element/NetscalerElement.java
index 81d5424d4ab..33a82d479c6 100644
--- a/server/src/com/cloud/network/element/NetscalerElement.java
+++ b/server/src/com/cloud/network/element/NetscalerElement.java
@@ -270,7 +270,7 @@ public class NetscalerElement extends ExternalLoadBalancerDeviceManagerImpl impl
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
-
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         return capabilities;
diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java
index dc1a2470cb1..0feaa984c28 100755
--- a/server/src/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VirtualRouterElement.java
@@ -559,12 +559,13 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
         firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
         firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
         firewallCapabilities.put(Capability.MultipleIps, "true");
-
+        firewallCapabilities.put(Capability.FirewallType, "perpublicip");
         capabilities.put(Service.Firewall, firewallCapabilities);
 
         // Set capabilities for vpn
         Map<Capability, String> vpnCapabilities = new HashMap<Capability, String>();
-        vpnCapabilities.put(Capability.SupportedVpnTypes, "pptp,l2tp,ipsec");
+        vpnCapabilities.put(Capability.SupportedVpnProtocols, "pptp,l2tp,ipsec");
+        vpnCapabilities.put(Capability.VpnTypes, "removeaccessvpn");
         capabilities.put(Service.Vpn, vpnCapabilities);
 
         Map<Capability, String> dnsCapabilities = new HashMap<Capability, String>();
diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
index ca5f920cfa1..e5ae27e2675 100644
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -89,6 +89,8 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
                 s_logger.trace("Element " + getProvider().getName() + " doesn't support service " + service.getName() 
                         + " in the network " + network);
                 return false;
+            } else if (service == Service.Firewall) {
+                //todo - get capability here
             }
         }
 
@@ -239,6 +241,14 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
         sourceNatCapabilities.put(Capability.RedundantRouter, "false");
         capabilities.put(Service.SourceNat, sourceNatCapabilities);
         
+        Map<Capability, String> vpnCapabilities = capabilities.get(Service.Vpn);
+        vpnCapabilities.put(Capability.VpnTypes, "s2svpn");
+        capabilities.put(Service.Vpn, vpnCapabilities);
+        
+        Map<Capability, String> firewallCapabilities = capabilities.get(Service.Firewall);
+        firewallCapabilities.put(Capability.FirewallType, "percidr");
+        capabilities.put(Service.Firewall, firewallCapabilities);
+
         return capabilities;
     }