diff --git a/containers/firewall/Dockerfile.j2 b/containers/firewall/Dockerfile.j2
index ad6a1159..4dbff1f6 100644
--- a/containers/firewall/Dockerfile.j2
+++ b/containers/firewall/Dockerfile.j2
@@ -8,7 +8,6 @@ RUN {{ macros.install_packages(packages) }} && \
 rm -rf /opt/tsg/sapp/r3
 # files
 COPY files/quic/main.conf /opt/tsg/sapp/conf/quic/main.conf
-COPY files/asymmetric_addr_layer.conf /opt/tsg/sapp/etc/
 COPY files/entrylist.conf /opt/tsg/sapp/etc/
 COPY files/firewall_l7_protocol.conf /opt/tsg/sapp/tsgconf/
 COPY files/http.conf /opt/tsg/sapp/conf/http/
diff --git a/containers/firewall/entrypoint.sh b/containers/firewall/entrypoint.sh
index 6d318b12..602d6a7b 100644
--- a/containers/firewall/entrypoint.sh
+++ b/containers/firewall/entrypoint.sh
@@ -56,6 +56,7 @@ parse_args "$@"
 mkdir -p /opt/tsg/etc/
+render_template asymmetric_addr_layer.conf.j2 /opt/tsg/sapp/etc/asymmetric_addr_layer.conf
 render_template conflist.inf.j2 /opt/tsg/sapp/plug/conflist.inf
 render_template firewall_logger_transmitter_schema.json.j2 /opt/tsg/sapp/tsgconf/firewall_logger_transmitter_schema.json
 render_template firewall.inf.j2 /opt/tsg/sapp/plug/business/firewall/firewall.inf
diff --git a/containers/firewall/files/asymmetric_addr_layer.conf b/containers/firewall/templates/asymmetric_addr_layer.conf.j2
similarity index 78%
rename from containers/firewall/files/asymmetric_addr_layer.conf
rename to containers/firewall/templates/asymmetric_addr_layer.conf.j2
index f4dcd827..e3ff6758 100644
--- a/containers/firewall/files/asymmetric_addr_layer.conf
+++ b/containers/firewall/templates/asymmetric_addr_layer.conf.j2
@@ -1,9 +1,11 @@
 #layer name definition: ipv4, ipv6, ethernet,vlan, arp, gre, mpls, pppoe, tcp, udp, l2tp, ppp, pptp, gtp
 #pattern: asymmetric_layer_name[layer index]
 #The symbol "*" represents any layer
+{% if firewall.inject_packet_by_mgnt_route != True -%}
 ethernet[*]
 vlan[*]
 vxlan[*]
 mpls[*]
 gre[*]
 gtp[*]
+{%- endif %}
\ No newline at end of file
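Review bot: With the `COPY files/asymmetric_addr_layer.conf` line removed from the Dockerfile, the added `render_template` call is the only step that creates `/opt/tsg/sapp/etc/asymmetric_addr_layer.conf`, so a render failure now leaves the firewall without that file instead of with a baked-in default. The hunk does not show whether the script runs under `set -e` or how `render_template` reports errors; the rest of the entrypoint is outside the hunk. If failures are not already fatal, make this one explicit, e.g. `render_template asymmetric_addr_layer.conf.j2 /opt/tsg/sapp/etc/asymmetric_addr_layer.conf || exit 1`, so the container does not start with a partial configuration.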
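Review bot: The closing `{%- endif %}` strips the newline after `gtp[*]`, and the template itself ends without one, so the rendered file's last entry is no longer newline-terminated, whereas in the old static file it was (`gtp[*]` is a context line and only the new side carries the no-newline marker). Whether the consumer of this file accepts an unterminated last line is not visible here, so it is safer to keep the terminator by closing with `{% endif %}` and ending the template with a newline. A comment line such as `#layer list is left empty when firewall.inject_packet_by_mgnt_route is true` would also explain to someone reading the rendered file why the entries are absent.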
diff --git a/containers/firewall/templates/main.conf.j2 b/containers/firewall/templates/main.conf.j2
index 9453650e..423f916b 100644
--- a/containers/firewall/templates/main.conf.j2
+++ b/containers/firewall/templates/main.conf.j2
@@ -54,7 +54,11 @@ APPSKETCH_SWITCH=0
 [FIREWALL]
 # hijack, replace
+{%- if firewall.inject_packet_by_mgnt_route == True %}
+PACKET_RESPONSE_MODE=hijack
+{%- else %}
 PACKET_RESPONSE_MODE=replace
+{%- endif %}
 HTTP_PAGE200=./tsgconf/HTTP200.html
 HTTP_PAGE204=./tsgconf/HTTP204.html
 HTTP_PAGE403=./tsgconf/HTTP403.html
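Review bot: The test `firewall.inject_packet_by_mgnt_route == True` is a strict comparison, so a value that arrives as a string such as `"true"` renders `PACKET_RESPONSE_MODE=replace` without any error; asymmetric_addr_layer.conf.j2 tests the same flag with `!= True` and falls back the same way. How the variable is populated is not visible in this diff, so either normalise it to a boolean before rendering or document the accepted value next to the existing comment, e.g. `# hijack, replace (hijack only when firewall.inject_packet_by_mgnt_route is the boolean true)`. Because the flag switches the firewall's packet response mode, a setting that is silently ignored is worth catching at start-up rather than in traffic.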