diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index a8ca79d..e876617 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -88,7 +88,7 @@
   ansible.builtin.command: pve-firewall compile
   register: compiled_fw
   changed_when: false
-  failed_when: fw_compile_check.rc != 0
+  failed_when: compiled_fw.rc != 0
   when: cluster_status.stat.exists
 
 - name: fail2ban | Fail if corosync ports are being dropped
@@ -171,8 +171,8 @@
   ansible.builtin.command: pve-firewall compile
   when: ipset_change.changed or rule_change.changed
   changed_when: false
-  failed_when: fw_compile_check.rc != 0
   register: fw_compile_check
+  failed_when: fw_compile_check.rc != 0
 
 # Then automatically whitelist it in Fail2Ban:
 # ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}