diff --git a/components/gateway/public_gateway/opensips.cfg b/components/gateway/public_gateway/opensips.cfg
index 89a1039f4..6c21ea3b9 100644
--- a/components/gateway/public_gateway/opensips.cfg
+++ b/components/gateway/public_gateway/opensips.cfg
@@ -198,6 +198,11 @@ route{
     exit;
   }
 
+  if ( get_source_group( $var(group)) ) {
+    # do something with $var(group)
+    xlog("group is $var(group)\n");
+  };
+
   # Some UAC send a Route Header
   # with a local proxy IP in an initial INVITE Request
   # According to https://opensips.org/html/docs/modules/3.4.x/rr.html#func_loose_route
@@ -229,18 +234,18 @@ route{
   xlog("L_NOTICE", "Load balancing request on port $rp\n");
 
   if ($rp == "SIP_PORT") {
-    xlog("L_NOTICE", "Starting LB with resources: gw\n");
+    xlog("L_NOTICE", "Starting LB on group $var(group) with resources: gw\n");
 
-    if ( !lb_start(1,"gw")) {
+    if ( !lb_start($var(group),"gw")) {
       send_reply(500,"No Destination available");
       exit;
     }
   }
 
   if ($rp == "SIP_ALTERNATIVE_PORT") {
-    xlog("L_NOTICE", "Starting LB with resources: gwalt\n");
+    xlog("L_NOTICE", "Starting LB on group $var(group) with resources: gwalt\n");
 
-    if ( !lb_start(1,"gwalt")) {
+    if ( !lb_start($var(group),"gwalt")) {
       send_reply(500,"No Destination available");
       exit;
     }
diff --git a/components/testing/tests/public_gateway/inbound_test.sh b/components/testing/tests/public_gateway/inbound_test.sh
index 04506ac12..7bf5d58ff 100755
--- a/components/testing/tests/public_gateway/inbound_test.sh
+++ b/components/testing/tests/public_gateway/inbound_test.sh
@@ -15,8 +15,8 @@ media_server="$(dig +short freeswitch)"
 public_gateway="$(dig +short public_gateway)"
 
 reset_db
-create_load_balancer_entry "gw" "5060"
-create_address_entry $(hostname -i)
+create_load_balancer_entry "gw" "5060" "2"
+create_address_entry "$(hostname -i)" "2"
 reload_opensips_tables
 
 sipp -sf $scenario public_gateway:5060 -s 1234 -m 1 -trace_msg > /dev/null
diff --git a/components/testing/tests/public_gateway/support/test_helpers.sh b/components/testing/tests/public_gateway/support/test_helpers.sh
index 0d4d16d97..8495620da 100755
--- a/components/testing/tests/public_gateway/support/test_helpers.sh
+++ b/components/testing/tests/public_gateway/support/test_helpers.sh
@@ -21,6 +21,8 @@ reload_opensips_tables () {
 
 create_address_entry () {
   ip="$1"
+  grp="$2"
+  grp="${grp:=1}"
 
-  psql -q $DATABASE_URL -c "INSERT INTO address (ip) VALUES('$ip');"
+  psql -q $DATABASE_URL -c "INSERT INTO address (ip, grp) VALUES('$ip', '$grp');"
 }
diff --git a/components/testing/tests/support/test_helpers.sh b/components/testing/tests/support/test_helpers.sh
index f39892042..03ab57689 100755
--- a/components/testing/tests/support/test_helpers.sh
+++ b/components/testing/tests/support/test_helpers.sh
@@ -5,8 +5,10 @@ set -e
 create_load_balancer_entry () {
   gateway_identifier="$1"
   port="$2"
+  group_id="$3"
+  group_id="${group_id:=1}"
   psql -q $DATABASE_URL \
-  -c "INSERT INTO load_balancer (group_id, dst_uri, resources, probe_mode) VALUES('1', 'sip:freeswitch:$port', '$gateway_identifier=fs://:secret@freeswitch:8021', 2);"
+  -c "INSERT INTO load_balancer (group_id, dst_uri, resources, probe_mode) VALUES('$group_id', 'sip:freeswitch:$port', '$gateway_identifier=fs://:secret@freeswitch:8021', 2);"
 }
 
 assert_in_file () {
diff --git a/infrastructure/modules/switch/sg.tf b/infrastructure/modules/switch/sg.tf
index 8171a8707..04ff817f4 100644
--- a/infrastructure/modules/switch/sg.tf
+++ b/infrastructure/modules/switch/sg.tf
@@ -16,15 +16,13 @@ resource "aws_security_group_rule" "ingress_http" {
   cidr_blocks       = ["0.0.0.0/0"]
 }
 
-# TODO: this might be wrong for new VPC
-
 resource "aws_security_group_rule" "ingress_freeswitch_event_socket" {
   type              = "ingress"
   to_port           = 8021
   protocol          = "TCP"
   from_port         = 8021
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
+  cidr_blocks       = ["0.0.0.0/0"]
 }
 
 resource "aws_security_group_rule" "ingress_sip" {
@@ -33,7 +31,7 @@ resource "aws_security_group_rule" "ingress_sip" {
   protocol          = "UDP"
   from_port         = var.sip_port
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
+  cidr_blocks       = ["0.0.0.0/0"]
 }
 
 resource "aws_security_group_rule" "ingress_sip_alternative" {
@@ -42,7 +40,16 @@ resource "aws_security_group_rule" "ingress_sip_alternative" {
   protocol          = "UDP"
   from_port         = var.sip_alternative_port
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "icmp" {
+  type              = "ingress"
+  to_port           = -1
+  protocol          = "icmp"
+  from_port         = -1
+  security_group_id = aws_security_group.this.id
+  cidr_blocks       = ["0.0.0.0/0"]
 }
 
 resource "aws_security_group_rule" "egress" {