diff --git a/vmware_nsx_tempest/tests/nsxv3/api/test_provider_sec_group.py b/vmware_nsx_tempest/tests/nsxv3/api/test_provider_sec_group.py
index 5da8fe019c..51a5fc702e 100644
--- a/vmware_nsx_tempest/tests/nsxv3/api/test_provider_sec_group.py
+++ b/vmware_nsx_tempest/tests/nsxv3/api/test_provider_sec_group.py
@@ -235,7 +235,7 @@ class ProviderSecurityGroupTest(base.BaseAdminNetworkTest):
 
     @test.attr(type='nsxv3')
     @decorators.idempotent_id('2c44a134-f013-46b7-a2ec-14c7c38a4d8c')
-    def test_multiple_provider_security_group(self):
+    def test_multiple_provider_security_group_only_on_newton(self):
         sg = self.create_security_provider_group(self.cmgr_adm, provider=True)
         sg_id = sg.get('id')
         self.create_security_group_rule(sg_id, cmgr=self.cmgr_adm,
@@ -244,6 +244,20 @@ class ProviderSecurityGroupTest(base.BaseAdminNetworkTest):
                           self.create_security_provider_group,
                           self.cmgr_adm, provider=True)
 
+    @test.attr(type='nsxv3')
+    @decorators.idempotent_id('f45fc910-db83-4e0c-8ab6-178783626ad3')
+    def test_multiple_provider_security_group_on_ocata_plus(self):
+        # Ocata plus allows more than 1 provider security group
+        sg1 = self.create_security_provider_group(self.cmgr_adm, provider=True)
+        sg1_id = sg1.get('id')
+        # create icmp rule
+        self.create_security_group_rule(sg1_id, cmgr=self.cmgr_adm,
+                                        protocol='icmp')
+        sg2 = self.create_security_provider_group(self.cmgr_adm, provider=True)
+        sg3 = self.create_security_provider_group(self.cmgr_adm, provider=True)
+        self.assertNotEqual(sg1.get('id'), sg2.get('id'))
+        self.assertNotEqual(sg2.get('id'), sg3.get('id'))
+
     @test.attr(type='nsxv3')
     @decorators.idempotent_id('275abe9f-4f01-46e5-bde0-0b6840290d3b')
     def test_provider_sec_group_with_multiple_rules(self):
diff --git a/vmware_nsx_tempest/tests/nsxv3/scenario/test_router_nonat_ops.py b/vmware_nsx_tempest/tests/nsxv3/scenario/test_router_nonat_ops.py
index 69ed95d8b7..09ca0fc5df 100644
--- a/vmware_nsx_tempest/tests/nsxv3/scenario/test_router_nonat_ops.py
+++ b/vmware_nsx_tempest/tests/nsxv3/scenario/test_router_nonat_ops.py
@@ -237,6 +237,28 @@ class TestRouterNoNATOps(manager.NetworkScenarioTest):
                               {'dest': remote_ip, 'src': floating_ip})
                 raise
 
+    def _test_router_nat_when_floating_ips_active_on_network(self):
+        """Expect raise condition when floating ips are active on
+           on network and tenant try to disable NAT
+        """
+        snat = True
+        self._setup_network_topo(enable_snat=snat)
+        nsx_router = self.nsx.get_logical_router(
+            self.router['name'], self.router['id'])
+        self.assertNotEqual(nsx_router, None)
+        self.assertEqual(nsx_router['router_type'], 'TIER1')
+        self._check_network_internal_connectivity(network=self.network)
+        self._check_network_vm_connectivity(network=self.network)
+        self._check_nonat_network_connectivity(should_connect=False)
+        # Update router to disable snat and disassociate floating ip
+        external_gateway_info = {
+            'network_id': CONF.network.public_network_id,
+            'enable_snat': (not snat)}
+        self.assertRaises(exceptions.BadRequest, self._update_router,
+                          self.router['id'],
+                          self.cmgr_adm.routers_client,
+                          external_gateway_info)
+
     def _test_router_nat_update_when_snat(self):
         """Test update router from NATed to NoNAT scenario"""
         snat = True
@@ -257,14 +279,15 @@ class TestRouterNoNATOps(manager.NetworkScenarioTest):
         self._check_network_internal_connectivity(network=self.network)
         self._check_network_vm_connectivity(network=self.network)
         self._check_nonat_network_connectivity(should_connect=False)
+        # To configure SNAT=False, needs to release all the floating ips
+        floating_ip, server = self.floating_ip_tuple
+        self._disassociate_floating_ip(floating_ip)
         # Update router to disable snat and disassociate floating ip
         external_gateway_info = {
             'network_id': CONF.network.public_network_id,
             'enable_snat': (not snat)}
         self._update_router(self.router['id'], self.cmgr_adm.routers_client,
             external_gateway_info)
-        floating_ip, server = self.floating_ip_tuple
-        self._disassociate_floating_ip(floating_ip)
         nsx_router = self.nsx.get_logical_router(
             self.router['name'], self.router['id'])
         self.assertNotEqual(nsx_router, None)
@@ -324,6 +347,14 @@ class TestRouterNoNATOps(manager.NetworkScenarioTest):
         """Test update router from NATed to NoNAT scenario"""
         self._test_router_nat_update_when_snat()
 
+    @test.attr(type='nsxv3')
+    @decorators.idempotent_id('b951f7fb-f2b2-40eb-8bbd-b54bd76ffbe8')
+    def test_disable_nat_when_floating_ips_active_on_network(self):
+        """Expect raise condition when floating ips are active on
+           on network and tenant try to disable NAT
+        """
+        self._test_router_nat_when_floating_ips_active_on_network()
+
     @test.attr(type='nsxv3')
     @decorators.idempotent_id('a0274738-d3e7-49db-bf10-a5563610940d')
     def test_router_nonat_to_nat_ops(self):