diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
index 71c726d4..28f8af96 100644
--- a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+++ b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
@@ -6,12 +6,12 @@ workload_zcpd:
   hugepage_num_1G: 32
 
 workload_firewall:
-  cpu_affinity: " "
-  worker_threads: 1
+  cpu_affinity: "{% raw %}{{ workload_firewall_cpu_affinity }}{% endraw %}"
+  worker_threads: "{% raw %}{{ workload_firewall_worker_threads }}{% endraw %}"
   send_only_threads_max: 0
 
 workload_proxy:
-  enable_cpu_affinity: 0
+  enable_cpu_affinity: 1
   cpu_affinity: "{% raw %}{{ workload_proxy_cpu_affinity }}{% endraw %}"
   worker_thread: "{% raw %}{{ workload_proxy_worker_thread }}{% endraw %}"
 
@@ -32,15 +32,15 @@ dp_steering_firewall:
 dp_steering_proxy:
   ###### location: value {local, foreign}
   location: local
-  tun_mode: yes
+  tap_mode: yes
   node_list:
-    - nic_name: virtio_kni
+    - nic_name: tap0
 
 dp_certstore:
   location: local
 
 dp_proxy:
-  nic_name_data_incoming: virtio_kni
+  nic_name_data_incoming: tap0
   mac_addr_data_incoming: 00:0e:c6:d6:72:c1
   enable_traffic_mirror: 1
   traffic_mirror_type: 1
diff --git a/ansible/roles/kni/templates/kni.conf.j2 b/ansible/roles/kni/templates/kni.conf.j2
index be1baaad..572ae2e4 100644
--- a/ansible/roles/kni/templates/kni.conf.j2
+++ b/ansible/roles/kni/templates/kni.conf.j2
@@ -9,7 +9,7 @@ tfe_node_count = {{ dp_steering_proxy.node_count }}
 {% endif %}
 manage_eth = {{ control_and_policy.nic_name }}
 # deploy_mode: normal/tap
-{% if dp_steering_proxy.tun_mode is defined %}
+{% if dp_steering_proxy.tap_mode is defined %}
 deploy_mode = tap
 {% else %}
 deploy_mode = normal
@@ -18,7 +18,9 @@ src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
 
 [tap]
-tap_name=tap0
+{% for tfe_node_info in dp_steering_proxy.node_list %}
+tap_name= {{ tfe_node_info.nic_name }}
+{% endfor %}
 
 # tap_allow_mutilthread=1     load bpf
 # tap_allow_mutilthread=0 not load bpf
@@ -30,9 +32,9 @@ bpf_debug_log=0
 # 2: BPF 使用二元组分流; 4: BPF 使用四元组分流
 bpf_hash_mode=2
 
-tap_rps_enable=0
+tap_rps_enable=1
 # cat /sys/class/net/tap0/queues/rx-%{d}/rps_cpus
-tap_rps_mask=0,1fffffff,c0000000,00000000
+tap_rps_mask="{% raw %}{{ tfe_env_rps_info.rps_mask }}{% endraw %}"
 
 [io_uring]
 enable_iouring=1
diff --git a/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2 b/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2
index 69e90b91..9e735ae3 100644
--- a/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2
+++ b/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2
@@ -144,7 +144,7 @@ spec:
       - name: tsg-init
         image: docker.io/library/tsg-init:{{os_release_ver}}
         imagePullPolicy: Never
-        command: ["sh", "-c", "ansible-playbook -i /opt/tsg/tsg-os-provision/hosts /opt/tsg/tsg-os-provision/tasks/provision.yml"]
+        command: ["sh", "-c", "ansible-playbook -i /opt/tsg/tsg-os-provision/hosts /opt/tsg/tsg-os-provision/tasks/provision.yml ; mount -o remount,rw /sys"]
         securityContext:
           privileged: true
         volumeMounts: