diff --git a/network/instance.go b/network/instance.go
index 2891bed0416c3520e6d3caf139e3bb2fccc14db6..b2ea243b22546277ecde3de08ce3364bed9bc863 100644
--- a/network/instance.go
+++ b/network/instance.go
@@ -587,6 +587,10 @@ func (i *Instance) GetPermissioningId() *id.ID {
 
 }
 
+func (i *Instance) connectGatewayToGateway() {
+
+}
+
 // Update host helper
 func (i *Instance) updateConns(def *ndf.NetworkDefinition, isGateway, isNode bool) error {
 	if isGateway {
@@ -608,8 +612,13 @@ func (i *Instance) updateConns(def *ndf.NetworkDefinition, isGateway, isNode boo
 					return errors.Errorf("Gateway ID invalid, collides with a "+
 						"hard coded ID. Invalid ID: %v", gwid.Marshal())
 				}
+
+				// If this entity is a gateway, other gateway hosts
+				// should have auth enabled. Otherwise, disable auth
 				gwParams := connect.GetDefaultHostParams()
-				gwParams.AuthEnabled = false
+				if i.comm.Id.GetType() != id.Gateway {
+					gwParams.AuthEnabled = false
+				}
 				_, err := i.comm.AddHost(gwid, addr, []byte(gateway.TlsCertificate), gwParams)
 				if err != nil {
 					return errors.WithMessagef(err, "Could not add gateway host %s", gwid)
diff --git a/network/instance_test.go b/network/instance_test.go
index a5c9d5fade400f0acda93ce84be7f638472d7de9..f20956907c14bdc50a1bb1399468c5d18cf993d4 100644
--- a/network/instance_test.go
+++ b/network/instance_test.go
@@ -202,6 +202,7 @@ func setupComm(t *testing.T) (*Instance, *mixmessages.NDF) {
 	err = signature.Sign(f, privKey)
 	testManager := connect.NewManagerTesting(t)
 	pc := &connect.ProtoComms{
+		Id:id.NewIdFromString("User", id.User, t),
 		Manager: testManager,
 	}
 	i, err := NewInstance(pc, baseNDF, baseNDF, nil)
@@ -363,6 +364,7 @@ func TestInstance_UpdateGatewayConnections(t *testing.T) {
 	secured, _ := NewSecuredNdf(testutils.NDF)
 	testManager := connect.NewManagerTesting(t)
 	pc := &connect.ProtoComms{
+		Id:id.NewIdFromString("User", id.User, t),
 		Manager: testManager,
 	}
 	i := Instance{