diff --git a/roles/firewall/defaults/main.yml b/roles/firewall/defaults/main.yml
index 267b80d..8880cc3 100644
--- a/roles/firewall/defaults/main.yml
+++ b/roles/firewall/defaults/main.yml
@@ -6,3 +6,5 @@ local_subnet: 192.168.0.0/24
 sshd_port: 2500
+
+bastion_ip: "{{ host_vars[groups['bastion'][0]]['local_ip'] }}"
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index a65bb56..6595509 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -14,7 +14,7 @@
 - name: Set default sources (fleet server)
 set_fact:
- default_firewall_src: "{{ host_vars[groups['bastion'][0]]['local_ip'] }}"
+ default_firewall_src: "{{ bastion_ip }}"
 when: "fleet" in group_names
 - name: Allow service ports
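Review bot: `bastion_ip` now lives in the role defaults, the lowest-precedence variable source in Ansible, so any inventory, group_vars or extra-vars entry with the same name silently replaces the address that the tasks file then uses as the default firewall source. A comment above the new line should say so, for example `# Default allowed source for fleet hosts; overriding this changes who can reach them.` The lookup also keeps `host_vars[...]` from the old task line, whereas Ansible's built-in dictionary is named `hostvars`; unless the project defines `host_vars` itself the expression is undefined when rendered, so it is worth confirming. It also reads only `groups['bastion'][0]`, so a second bastion host, if one exists, would not be covered.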
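Review bot: `default_firewall_src` is now taken from an overridable variable with no check on what it resolved to, so an empty string or a network range supplied from inventory would flow straight into the rules that follow. An `assert` task placed before this `set_fact` would stop the play before any rule is written; the sketch below uses the `ansible.utils.ipaddr` filter, which needs the ansible.utils collection on the controller. Separately, the context line `when: "fleet" in group_names` is not valid YAML as shown, because text follows the closing quote; it should read `when: "'fleet' in group_names"`, unless the page lost the outer quotes. The task list starts before and continues after this hunk.

```yaml
- name: Check bastion_ip before it becomes a firewall source
  assert:
    that:
      - bastion_ip | ansible.utils.ipaddr('address')
    fail_msg: "bastion_ip must resolve to a single IP address"
  when: "'fleet' in group_names"

- name: Set default sources (fleet server)
  # … unchanged: set_fact of default_firewall_src …
```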