diff --git a/logic/extpeers.go b/logic/extpeers.go
index e37b2be5..5f9d0f16 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -396,20 +396,29 @@ func ToggleExtClientConnectivity(client *models.ExtClient, enable bool) (models.
 return newClient, nil
 }
 
-func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, error) {
+func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, []models.EgressNetworkRoutes, []net.IP, error) {
 var peers []wgtypes.PeerConfig
 var idsAndAddr []models.IDandAddr
 var egressRoutes []models.EgressNetworkRoutes
+ var extUserIps []net.IP
 extPeers, err := GetNetworkExtClients(node.Network)
 if err != nil {
- return peers, idsAndAddr, egressRoutes, err
+ return peers, idsAndAddr, egressRoutes, extUserIps, err
 }
 host, err := GetHost(node.HostID.String())
 if err != nil {
- return peers, idsAndAddr, egressRoutes, err
+ return peers, idsAndAddr, egressRoutes, extUserIps, err
 }
 for _, extPeer := range extPeers {
 extPeer := extPeer
+ if extPeer.RemoteAccessClientID != "" {
+ if extPeer.AddressIPNet4().IP != nil {
+ extUserIps = append(extUserIps, extPeer.AddressIPNet4().IP)
+ }
+ if extPeer.AddressIPNet6().IP != nil {
+ extUserIps = append(extUserIps, extPeer.AddressIPNet6().IP)
+ }
+ }
 if !IsClientNodeAllowed(&extPeer, peer.ID.String()) {
 continue
 }
@@ -479,7 +488,7 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 IsExtClient: true,
 })
 }
- return peers, idsAndAddr, egressRoutes, nil
+ return peers, idsAndAddr, egressRoutes, extUserIps, nil
 }
diff --git a/logic/peers.go b/logic/peers.go
index b2456826..1ca77184 100644
--- a/logic/peers.go
+++ b/logic/peers.go
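Review bot: The addresses are appended to extUserIps before the `IsClientNodeAllowed(&extPeer, peer.ID.String())` check and before whatever filtering the rest of the loop body (outside this hunk) applies, so the list that ends up in FwUpdate.IngressInfo can name remote-access clients that are not permitted to peer with `peer`; if the gateway's firewall treats these addresses as allowed sources, confirm that is intended, otherwise move the new block below the `continue`. Each of `AddressIPNet4()` and `AddressIPNet6()` is also evaluated twice per client; `if ip := extPeer.AddressIPNet4().IP; ip != nil { extUserIps = append(extUserIps, ip) }` (and the v6 twin) does it once and reads better. The list is now built for every caller, including GetAllowedIPs and GetFailOverPeerIps which discard it with `_`, so this is extra work on paths that do not need it. GetExtPeers continues past this hunk and ends in the second hunk.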
@@ -74,7 +74,8 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 ServerVersion: servercfg.GetVersion(),
 ServerAddrs: []models.ServerAddr{},
 FwUpdate: models.FwUpdate{
- EgressInfo: make(map[string]models.EgressInfo),
+ EgressInfo: make(map[string]models.EgressInfo),
+ IngressInfo: make(map[string]models.IngressInfo),
 },
 PeerIDs: make(models.PeerMap, 0),
 Peers: []wgtypes.PeerConfig{},
@@ -287,9 +288,13 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 var extPeers []wgtypes.PeerConfig
 var extPeerIDAndAddrs []models.IDandAddr
 var egressRoutes []models.EgressNetworkRoutes
+ var extUserIps []net.IP
 if node.IsIngressGateway {
- extPeers, extPeerIDAndAddrs, egressRoutes, err = GetExtPeers(&node, &node)
+ extPeers, extPeerIDAndAddrs, egressRoutes, extUserIps, err = GetExtPeers(&node, &node)
 if err == nil {
+ hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()] = models.IngressInfo{
+ UserIps: extUserIps,
+ }
 hostPeerUpdate.EgressRoutes = append(hostPeerUpdate.EgressRoutes, egressRoutes...)
 hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
@@ -421,7 +426,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet
 
 // handle ingress gateway peers
 if peer.IsIngressGateway {
- extPeers, _, _, err := GetExtPeers(peer, node)
+ extPeers, _, _, _, err := GetExtPeers(peer, node)
 if err != nil {
 logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 }
diff --git a/models/mqtt.go b/models/mqtt.go
index c0d52d9c..3463afe8 100644
--- a/models/mqtt.go
+++ b/models/mqtt.go
@@ -28,8 +28,7 @@ type HostPeerUpdate struct {
 
 // IngressInfo - struct for ingress info
 type IngressInfo struct {
- ExtPeers map[string]ExtClientInfo `json:"ext_peers" yaml:"ext_peers"`
- EgressRanges []string `json:"egress_ranges" yaml:"egress_ranges"`
+ UserIps []net.IP
 }
 
 // EgressInfo - struct for egress info
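Review bot: The `hostPeerUpdate.FwUpdate.IngressInfo[node.ID.String()]` entry is written whenever GetExtPeers succeeds, including when extUserIps is still nil because no ext client had a RemoteAccessClientID; a nil `[]net.IP` encodes as JSON `null`, while a gateway with clients whose IPs were all unset gets `[]`, so the consumer sees two shapes for "no user IPs". Either guard the write with `if len(extUserIps) > 0 {` or note on the field that consumers must treat `null` and empty alike. The enclosing GetPeerUpdateForHost begins and ends outside this hunk.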
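Review bot: The new `UserIps []net.IP` field has no struct tags, so it is emitted as `"UserIps"` while every sibling in this file uses snake_case json tags (`egress_info`, `is_egress_gw`) and the fields it replaces also carried yaml tags; `UserIps []net.IP \`json:"user_ips" yaml:"user_ips"\`` keeps the wire format consistent. Go convention would also spell the initialism `UserIPs` (with the initializer in logic/peers.go updated to match). Dropping `ext_peers` and `egress_ranges` changes what hosts receive for ingress info, so if any released client version still reads those keys this is a compatibility break worth calling out in the commit message; I cannot see the consumers from here.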
@@ -77,8 +76,9 @@ type KeyUpdate struct {
 
 // FwUpdate - struct for firewall updates
 type FwUpdate struct {
- IsEgressGw bool `json:"is_egress_gw"`
- EgressInfo map[string]EgressInfo `json:"egress_info"`
+ IsEgressGw bool `json:"is_egress_gw"`
+ EgressInfo map[string]EgressInfo `json:"egress_info"`
+ IngressInfo map[string]IngressInfo `json:"ingress_info"`
 }
 
 // FailOverMeReq - struct for failover req
diff --git a/pro/logic/failover.go b/pro/logic/failover.go
index 788e09e0..f90173e5 100644
--- a/pro/logic/failover.go
+++ b/pro/logic/failover.go
@@ -148,7 +148,7 @@ func GetFailOverPeerIps(peer, node *models.Node) []net.IPNet {
 }
 // handle ingress gateway peers
 if failOverpeer.IsIngressGateway {
- extPeers, _, _, _, err := logic.GetExtPeers(&failOverpeer, node)
+ extPeers, _, _, _, err := logic.GetExtPeers(&failOverpeer, node)
 if err != nil {
 logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
 }
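Review bot: The new `IngressInfo map[string]IngressInfo` field is undocumented, and what its key is can only be learned from logic/peers.go, where it is written as `IngressInfo[node.ID.String()]`; a one-line comment above the field, `// IngressInfo - ingress gateway firewall info, keyed by the gateway's node ID`, would spare the next reader that lookup. Since this struct feeds firewall rules on hosts, it is also worth stating in the same comment whether a missing key means "no change" or "no ingress rules", which the diff does not make clear.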