diff --git a/defaults/main.yml b/defaults/main.yml
index fe18e0a6..fcffe283 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -273,7 +273,7 @@ octavia_amp_image_upload_enabled: "{{ octavia_download_artefact }}"
 # Name of the Octavia security group
 octavia_security_group_name: octavia_sec_grp
 # Restrict access to only authorized hosts
-octavia_security_group_rule_cidr:
+octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
 # ssh enabled - switch to True if you need ssh access to the amphora
 octavia_ssh_enabled: False
 octavia_ssh_key_name: octavia_key
diff --git a/releasenotes/notes/octavia_security_group_rule_cidr_default-dbf0cdfd17731a73.yaml b/releasenotes/notes/octavia_security_group_rule_cidr_default-dbf0cdfd17731a73.yaml
new file mode 100644
index 00000000..b4095b0f
--- /dev/null
+++ b/releasenotes/notes/octavia_security_group_rule_cidr_default-dbf0cdfd17731a73.yaml
@@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    Default value for ``octavia_security_group_rule_cidr`` is changed and
+    defined to the CIDR of Octavia management network.
+    To preserve previous behaviour, please override the variable to
+    `0.0.0.0/0`.