diff --git a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java
index 4694cb9eb37..5b0e748adf1 100644
--- a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java
+++ b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java
@@ -44,5 +44,7 @@ public interface PortForwardingRulesDao extends GenericDao<PortForwardingRuleVO,
 
     List<PortForwardingRuleVO> listByDestIpAddr(String ip4Address);
 
+    List<PortForwardingRuleVO> listByVmidAndDestIpAddr(String ip4Address,long vmid);
+
     PortForwardingRuleVO findByIdAndIp(long id, String secondaryIp);
 }
diff --git a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
index 45c0aeb4afd..6bc401b3941 100644
--- a/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
+++ b/engine/schema/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java
@@ -157,6 +157,14 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
         return listBy(sc);
     }
 
+    @Override
+    public List<PortForwardingRuleVO> listByVmidAndDestIpAddr(String ip4Address,long vmid) {
+        SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
+        sc.setParameters("dstIp", ip4Address);
+        sc.setParameters("vmId", vmid);
+        return listBy(sc);
+    }
+
     @Override
     public PortForwardingRuleVO findByIdAndIp(long id, String secondaryIp) {
         SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index eea12625d70..59025f2da77 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -1465,7 +1465,7 @@ public class RulesManagerImpl extends ManagerBase implements RulesManager, Rules
     public List<FirewallRuleVO> listAssociatedRulesForGuestNic(Nic nic) {
         List<FirewallRuleVO> result = new ArrayList<FirewallRuleVO>();
         // add PF rules
-        result.addAll(_portForwardingDao.listByDestIpAddr(nic.getIp4Address()));
+        result.addAll(_portForwardingDao.listByVmidAndDestIpAddr(nic.getIp4Address(),nic.getInstanceId()));
         // add static NAT rules
         List<FirewallRuleVO> staticNatRules = _firewallDao.listStaticNatByVmId(nic.getInstanceId());
         for (FirewallRuleVO rule : staticNatRules) {