diff --git a/azurerm/resource_arm_service_fabric_cluster.go b/azurerm/resource_arm_service_fabric_cluster.go
index 01308d1b4dcd..d8310f1c98b6 100644
--- a/azurerm/resource_arm_service_fabric_cluster.go
+++ b/azurerm/resource_arm_service_fabric_cluster.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -249,8 +250,9 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 							ForceNew: true,
 						},
 						"reverse_proxy_endpoint_port": {
-							Type:     schema.TypeInt,
-							Optional: true,
+							Type:         schema.TypeInt,
+							Optional:     true,
+							ValidateFunc: validate.PortNumber,
 						},
 						"durability_level": {
 							Type:     schema.TypeString,
@@ -890,7 +892,6 @@ func expandServiceFabricClusterNodeTypes(input []interface{}) *[]servicefabric.N
 		instanceCount := node["instance_count"].(int)
 		clientEndpointPort := node["client_endpoint_port"].(int)
 		httpEndpointPort := node["http_endpoint_port"].(int)
-		reverseProxyEndpointPort := node["reverse_proxy_endpoint_port"].(int)
 		isPrimary := node["is_primary"].(bool)
 		durabilityLevel := node["durability_level"].(string)
 
@@ -900,9 +901,11 @@ func expandServiceFabricClusterNodeTypes(input []interface{}) *[]servicefabric.N
 			IsPrimary:                    utils.Bool(isPrimary),
 			ClientConnectionEndpointPort: utils.Int32(int32(clientEndpointPort)),
 			HTTPGatewayEndpointPort:      utils.Int32(int32(httpEndpointPort)),
-			ReverseProxyEndpointPort:     utils.Int32(int32(reverseProxyEndpointPort)),
 			DurabilityLevel:              servicefabric.DurabilityLevel(durabilityLevel),
 		}
+		if v := int32(node["reverse_proxy_endpoint_port"].(int)); v != 0 {
+			result.ReverseProxyEndpointPort = utils.Int32(v)
+		}
 
 		applicationPortsRaw := node["application_ports"].([]interface{})
 		if len(applicationPortsRaw) > 0 {
diff --git a/azurerm/resource_arm_service_fabric_cluster_test.go b/azurerm/resource_arm_service_fabric_cluster_test.go
index 2ca19bc9df14..a4dbe7a6b0f1 100644
--- a/azurerm/resource_arm_service_fabric_cluster_test.go
+++ b/azurerm/resource_arm_service_fabric_cluster_test.go
@@ -190,6 +190,7 @@ func TestAccAzureRMServiceFabricCluster_reverseProxyCertificate(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "fabric_settings.0.name", "Security"),
 					resource.TestCheckResourceAttr(resourceName, "fabric_settings.0.parameters.ClusterProtectionLevel", "EncryptAndSign"),
 					resource.TestCheckResourceAttr(resourceName, "management_endpoint", "https://example:80"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.reverse_proxy_endpoint_port", "19081"),
 				),
 			},
 			{
@@ -201,6 +202,108 @@ func TestAccAzureRMServiceFabricCluster_reverseProxyCertificate(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMServiceFabricCluster_reverseProxyNotSet(t *testing.T) {
+	resourceName := "azurerm_service_fabric_cluster.test"
+	ri := tf.AccRandTimeInt()
+	location := testLocation()
+	config := testAccAzureRMServiceFabricCluster_basic(ri, location, 3)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMServiceFabricClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMServiceFabricClusterExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "management_endpoint", "http://example:80"),
+					resource.TestCheckResourceAttr(resourceName, "add_on_features.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "client_certificate_thumbprint.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "azure_active_directory.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "diagnostics_config.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.instance_count", "3"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.reverse_proxy_endpoint_port", "0"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAzureRMServiceFabricCluster_reverseProxyUpdate(t *testing.T) {
+	resourceName := "azurerm_service_fabric_cluster.test"
+	ri := tf.AccRandTimeInt()
+	location := testLocation()
+	configBasic := testAccAzureRMServiceFabricCluster_basic(ri, location, 3)
+	configProxy := testAccAzureRMServiceFabricCluster_reverseProxyCertificates(ri, location)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMServiceFabricClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: configBasic,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMServiceFabricClusterExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "management_endpoint", "http://example:80"),
+					resource.TestCheckResourceAttr(resourceName, "add_on_features.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "client_certificate_thumbprint.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "azure_active_directory.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "diagnostics_config.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.instance_count", "3"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+				),
+			},
+			{
+				Config: configProxy,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMServiceFabricClusterExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "certificate.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "certificate.0.thumbprint", "33:41:DB:6C:F2:AF:72:C6:11:DF:3B:E3:72:1A:65:3A:F1:D4:3E:CD:50:F5:84:F8:28:79:3D:BE:91:03:C3:EE"),
+					resource.TestCheckResourceAttr(resourceName, "certificate.0.x509_store_name", "My"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.0.thumbprint", "33:41:DB:6C:F2:AF:72:C6:11:DF:3B:E3:72:1A:65:3A:F1:D4:3E:CD:50:F5:84:F8:28:79:3D:BE:91:03:C3:EE"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.0.x509_store_name", "My"),
+					resource.TestCheckResourceAttr(resourceName, "fabric_settings.0.name", "Security"),
+					resource.TestCheckResourceAttr(resourceName, "fabric_settings.0.parameters.ClusterProtectionLevel", "EncryptAndSign"),
+					resource.TestCheckResourceAttr(resourceName, "management_endpoint", "https://example:80"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.reverse_proxy_endpoint_port", "19081"),
+				),
+			},
+			{
+				Config: configBasic,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMServiceFabricClusterExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "management_endpoint", "http://example:80"),
+					resource.TestCheckResourceAttr(resourceName, "add_on_features.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "reverse_proxy_certificate.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "client_certificate_thumbprint.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "azure_active_directory.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "diagnostics_config.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.instance_count", "3"),
+					resource.TestCheckResourceAttr(resourceName, "node_type.0.reverse_proxy_endpoint_port", "0"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAzureRMServiceFabricCluster_clientCertificateThumbprint(t *testing.T) {
 	resourceName := "azurerm_service_fabric_cluster.test"
 	ri := tf.AccRandTimeInt()