diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java index fa9385a774e..d95cf9ac7af 100644 --- a/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java +++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLManagerImpl.java @@ -41,6 +41,8 @@ import com.cloud.network.vpc.NetworkACLItem.State; import com.cloud.network.vpc.dao.NetworkACLDao; import com.cloud.network.vpc.dao.VpcGatewayDao; import com.cloud.offering.NetworkOffering; +import com.cloud.server.ResourceTag; +import com.cloud.tags.dao.ResourceTagDao; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; import com.cloud.utils.db.EntityManager; @@ -73,6 +75,8 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana private VpcService _vpcSvc; @Inject private MessageBus _messageBus; + @Inject + private ResourceTagDao resourceTagDao; private List _networkAclElements; @@ -275,7 +279,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana if (s_logger.isDebugEnabled()) { s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule); } - _networkACLItemDao.remove(rule.getId()); + removeRule(rule); } else if (rule.getState() == State.Add || rule.getState() == State.Active) { rule.setState(State.Revoke); _networkACLItemDao.update(rule.getId(), rule); @@ -353,8 +357,9 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana return rules; } - private void removeRule(final NetworkACLItem rule) { - _networkACLItemDao.remove(rule.getId()); + boolean removeRule(final NetworkACLItem rule) { + boolean rc = resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL); + return rc && _networkACLItemDao.remove(rule.getId()); } @Override 
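Review bot: In `removeRule` (hunk `@@ -353,8 +357,9 @@`), `return rc && _networkACLItemDao.remove(rule.getId());` skips the ACL item delete whenever `removeByIdAndType` returns false, and the call site changed in hunk `@@ -275,7 +279,7 @@` discards the boolean, so a staged rule could stay in the database with no error surfaced. Whether `removeByIdAndType` returns false for a rule that simply has no tags is not visible here and should be confirmed; if it does, untagged rules would never be deleted. I would make the item delete unconditional, `resourceTagDao.removeByIdAndType(rule.getId(), ResourceTag.ResourceObjectType.NetworkACL);` followed by `return _networkACLItemDao.remove(rule.getId());`, and have the caller log or fail on a false result. The method enclosing the `removeRule(rule)` call starts and ends outside its hunk.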
@@ -390,7 +395,7 @@ public class NetworkACLManagerImpl extends ManagerBase implements NetworkACLMana /** * Updates and applies the network ACL rule ({@link NetworkACLItemVO}). - * We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#update(Long, NetworkACLItemVO)}. If it does not work, a {@link CloudRuntimeException} is thrown. + * We will first try to update the ACL rule in the database using {@link NetworkACLItemDao#updateNumberFieldNetworkItem(long, int)}. If it does not work, a {@link CloudRuntimeException} is thrown. * If we manage to update the ACL rule in the database, we proceed to apply it using {@link #applyNetworkACL(long)}. If this does not work we throw a {@link CloudRuntimeException}. * If all is working we return the {@link NetworkACLItemVO} given as parameter. We wil set the state of the rule to {@link com.cloud.network.vpc.NetworkACLItem.State#Add}. */ diff --git a/server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java b/server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java similarity index 92% rename from server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java rename to server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java index 411f73aaf69..4dc75b432de 100644 --- a/server/src/test/java/com/cloud/vpc/NetworkACLManagerTest.java +++ b/server/src/test/java/com/cloud/network/vpc/NetworkACLManagerTest.java @@ -13,7 +13,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package com.cloud.vpc; +package com.cloud.network.vpc; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyList; 
@@ -30,6 +30,7 @@ import java.util.UUID; import javax.inject.Inject; +import com.cloud.server.ResourceTag; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService; import org.apache.cloudstack.framework.messagebus.MessageBus; @@ -58,18 +59,7 @@ import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.NetworkServiceMapDao; import com.cloud.network.dao.NetworkVO; import com.cloud.network.element.NetworkACLServiceProvider; -import com.cloud.network.vpc.NetworkACLItem; import com.cloud.network.vpc.NetworkACLItem.State; -import com.cloud.network.vpc.NetworkACLItemDao; -import com.cloud.network.vpc.NetworkACLItemVO; -import com.cloud.network.vpc.NetworkACLManager; -import com.cloud.network.vpc.NetworkACLManagerImpl; -import com.cloud.network.vpc.NetworkACLVO; -import com.cloud.network.vpc.PrivateGateway; -import com.cloud.network.vpc.VpcGateway; -import com.cloud.network.vpc.VpcGatewayVO; -import com.cloud.network.vpc.VpcManager; -import com.cloud.network.vpc.VpcService; import com.cloud.network.vpc.dao.NetworkACLDao; import com.cloud.network.vpc.dao.VpcGatewayDao; import com.cloud.offerings.dao.NetworkOfferingDao; @@ -88,7 +78,7 @@ import junit.framework.TestCase; @ContextConfiguration(loader = AnnotationConfigContextLoader.class) public class NetworkACLManagerTest extends TestCase { @Inject - NetworkACLManager _aclMgr; + NetworkACLManagerImpl _aclMgr; @Inject AccountManager _accountMgr; @@ -103,10 +93,6 @@ public class NetworkACLManagerTest extends TestCase { @Inject NetworkOfferingDao networkOfferingDao; @Inject - ConfigurationManager _configMgr; - @Inject - EntityManager _entityMgr; - @Inject NetworkModel _networkModel; @Inject List _networkAclElements; 
@@ -114,6 +100,8 @@ public class NetworkACLManagerTest extends TestCase { VpcService _vpcSvc; @Inject VpcGatewayDao _vpcGatewayDao; + @Inject + private ResourceTagDao resourceTagDao; private NetworkACLVO acl; private NetworkACLItemVO aclItem; @@ -154,9 +142,17 @@ public class NetworkACLManagerTest extends TestCase { } @Test - public void testApplyNetworkACL() throws Exception { + public void testApplyNetworkACLsOnGatewayAndInGeneral() throws Exception { driveTestApplyNetworkACL(true, true, true); + } + + @Test + public void testApplyNetworkACLsOnGatewayOnly() throws Exception { driveTestApplyNetworkACL(false, false, true); + } + + @Test + public void testApplyNetworkACLsButNotOnGateway() throws Exception { driveTestApplyNetworkACL(false, true, false); } @@ -168,11 +164,12 @@ public class NetworkACLManagerTest extends TestCase { // Prepare // Reset mocked objects to reuse Mockito.reset(_networkACLItemDao); + Mockito.reset(_networkDao); // Make sure it is handled final long aclId = 1L; final NetworkVO network = Mockito.mock(NetworkVO.class); - final List networks = new ArrayList(); + final List networks = new ArrayList<>(); networks.add(network); NetworkServiceMapDao ntwkSrvcDao = mock(NetworkServiceMapDao.class); @@ -194,7 +191,7 @@ public class NetworkACLManagerTest extends TestCase { // Create 4 rules to test all 4 scenarios: only revoke should // be deleted, only add should update - final List rules = new ArrayList(); + final List rules = new ArrayList<>(); final NetworkACLItemVO ruleActive = Mockito.mock(NetworkACLItemVO.class); final NetworkACLItemVO ruleStaged = Mockito.mock(NetworkACLItemVO.class); final NetworkACLItemVO rule2Revoke = Mockito.mock(NetworkACLItemVO.class); 
@@ -224,7 +221,6 @@ public class NetworkACLManagerTest extends TestCase { // Assert if conditions met, network ACL was applied final int timesProcessingDone = applyNetworkACLs && applyACLToPrivateGw ? 1 : 0; - Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId); Mockito.verify(rule2Add, Mockito.times(timesProcessingDone)).setState(NetworkACLItem.State.Active); Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).update(addId, rule2Add); } @@ -235,9 +231,20 @@ public class NetworkACLManagerTest extends TestCase { assertTrue(_aclMgr.revokeNetworkACLItem(1L)); } + @Test + public void testRemoveRule() { + NetworkACLItem aclItem = Mockito.mock(NetworkACLItemVO.class); + when(aclItem.getId()).thenReturn(1l); + Mockito.when(resourceTagDao.removeByIdAndType(1l, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true); + Mockito.when(_networkACLItemDao.remove(1l)).thenReturn(true); + assertTrue(_aclMgr.removeRule(aclItem)); + + } + @Test public void deleteNonEmptyACL() throws Exception { - final List aclItems = new ArrayList(); + Mockito.reset(_networkDao); + final List aclItems = new ArrayList<>(); aclItems.add(aclItem); Mockito.when(_networkACLItemDao.listByACL(anyLong())).thenReturn(aclItems); Mockito.when(acl.getId()).thenReturn(3l); @@ -342,5 +349,4 @@ public class NetworkACLManagerTest extends TestCase { } } } - }
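Review bot: `testRemoveRule` (hunk `@@ -235,9 +231,20 @@`) covers only the case where both DAO calls return true, so the path where a false from `removeByIdAndType` short-circuits past `_networkACLItemDao.remove` is untested. Hunk `@@ -224,7 +221,6 @@` also drops `Mockito.verify(_networkACLItemDao, Mockito.times(timesProcessingDone)).remove(revokeId);`, presumably because the unstubbed `resourceTagDao` mock returns false there, which leaves no assertion that a revoked ACL rule is actually deleted after apply. I would stub `Mockito.when(resourceTagDao.removeByIdAndType(revokeId, ResourceTag.ResourceObjectType.NetworkACL)).thenReturn(true);` in `driveTestApplyNetworkACL` (its body is mostly outside the visible hunks) and keep the verify, and add a second test asserting the outcome when tag removal reports false. The `1l` literals would read more clearly as `1L`.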