diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index afa04ea..a9a5e62 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -188,6 +188,7 @@ router bgp {{ asn.asn }} vrf inside
 {% for vrf in vrfs.values() | selectattr('name', 'in', inside_vrfs) %}
+# VRF for L2 network {{ vrf.name }}. Imports gateway from inside VRF.
 router bgp {{ asn.asn }} vrf {{ vrf.name }}
  bgp bestpath as-path multipath-relax
@@ -358,8 +359,6 @@ route-map firewall->outside permit 1
  match ip address prefix-list fabric
 route-map firewall->outside permit 2
  match ipv6 address prefix-list fabric
-route-map firewall->outside permit 20
- match ip address prefix-list office
 route-map firewall->outside permit 21
  match ipv6 address prefix-list office
 route-map firewall->outside permit 30
diff --git a/roles/firewall/templates/frr.conf.j2 b/roles/firewall/templates/frr.conf.j2
index 9d3ba08..4172131 100644
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@@ -136,11 +136,10 @@ route-map outside->default permit 10
 route-map outside->default permit 11
  match ipv6 address prefix-list default
-# Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
+# Send IPv6 office addresses and IPv4 NAT addresses to outside peers
+# so inbound packets go through the firewall.
 route-map default->outside permit 1
  match interface lo
-route-map default->outside permit 10
- match ip address prefix-list office
 route-map default->outside permit 11
  match ipv6 address prefix-list office
 route-map default->outside permit 20
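Review bot: Dropping `route-map firewall->outside permit 20` leaves the exit template with no comment explaining why IPv4 office prefixes are deliberately no longer exported, while the firewall hunk in roles/firewall/templates/frr.conf.j2 does document the equivalent removal of `default->outside permit 10`. A one-line comment before the remaining `permit 21` entry, e.g. `# Only IPv6 office prefixes are exported; IPv4 office space sits behind NAT and must not reach outside peers.`, would keep the two templates consistent and stop someone re-adding the entry later. Because an FRR route-map ends in an implicit deny, IPv4 office prefixes are now withheld from outside peers only if neither the `fabric` prefix-list nor the `permit 30` entry (whose match clause is outside this hunk) happens to cover them, so that is worth confirming when the rendered config is diffed. If the IPv4 `ip prefix-list office` definition is no longer referenced anywhere after this change, it is presumably dead config and a candidate for removal.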
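Review bot: The rewritten comment in roles/firewall/templates/frr.conf.j2 lists IPv6 office and IPv4 NAT addresses, but the `permit 1` entry directly beneath it (`match interface lo`) also exports the loopback, which the comment does not mention. Suggest `# Send the loopback, IPv6 office addresses and IPv4 NAT addresses to outside peers` for the first line so the comment matches every entry in the route-map it introduces. The NAT entry itself (`permit 20` and later) is outside the hunk, so I cannot check that the "IPv4 NAT addresses" wording matches its prefix-list.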