diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 532c31a6..4190aa4f 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -93,7 +93,8 @@ class servicemonitor {
    $nagios_ip_v4 = hiera('nagios_ip_v4')
    ufw::allow { "allow-servicemonitor-from-nagios":
       ip   => $nagios_ip_v4,
-      port => '444'
+      port => '444',
+      ensure => absent
    }
 }
 
@@ -266,7 +267,7 @@ class eidas_proxy($version='1.0.0',$country='se') {
    sunet::docker_run {'eidas-proxy':
       image    => 'docker.sunet.se/eidas-proxy',
       imagetag => $_version,
-      ports    => ['443:8443','444:8444'],
+      ports    => ['443:8443','127.0.0.01:444:8444'],
       volumes  => ['/var/log/eidas-proxy:/var/log/eidas-proxy',
                    '/etc/eidas-proxy:/etc/eidas-proxy',
                    '/etc/ssl:/etc/ssl'],
@@ -288,7 +289,7 @@ class prid($version="1.0.0") {
       image     => 'docker.sunet.se/prid-service',
       imagetag  => $_version,
       hostname  => "$hostname",
-      ports     => ['443:8443','444:8444'],
+      ports     => ['443:8443','127.0.0.01:444:8444'],
       volumes   => ['/etc/prid-service:/etc/prid-service',
                     '/etc/ssl:/etc/ssl'],
       env       => ["PRID_SERVICE_POLICY_CONFIGURATION=file:///etc/prid-service/policy.properties",
@@ -511,6 +512,9 @@ class nrpe {
    sunet::nagios::nrpe_command {'check_apt':
       command_line => '/usr/lib/nagios/plugins/check_apt'
    }
+   sunet::nagios::nrpe_command {'check_eidas_health':
+      command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost'
+   }
 }
 
 class nagios_monitor {