diff --git a/autoscaler-agents.tf b/autoscaler-agents.tf
index 4110431e..d14e5ffd 100644
--- a/autoscaler-agents.tf
+++ b/autoscaler-agents.tf
@@ -9,6 +9,7 @@ locals {
       ssh_key          = local.hcloud_ssh_key_id
       ipv4_subnet_id   = hcloud_network.k3s.id # for now we use the k3s network, as we cannot reference subnet-ids in autoscaler
       snapshot_id      = hcloud_snapshot.autoscaler_image[0].id
+      firewall_id    = hcloud_firewall.k3s.id
       node_pools       = var.autoscaler_nodepools
   })
 }
diff --git a/templates/autoscaler.yaml.tpl b/templates/autoscaler.yaml.tpl
index 575488d6..423a21c0 100644
--- a/templates/autoscaler.yaml.tpl
+++ b/templates/autoscaler.yaml.tpl
@@ -186,6 +186,8 @@ spec:
             value: '${ipv4_subnet_id}'
           - name: HCLOUD_IMAGE
             value: '${snapshot_id}'
+          - name: HCLOUD_FIREWALL
+            value: '${firewall_id}'
           volumeMounts:
             - name: ssl-certs
               mountPath: /etc/ssl/certs