diff --git a/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl b/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
index 38fa27162..b1a1ae027 100644
--- a/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
+++ b/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
@@ -588,7 +588,7 @@ default_conninfo(ConnInfo) ->
 
 default_clientinfo(#{peername := {PeerHost, _},
                      sockname := {_, SockPort}}) ->
-    #{zone         => external,
+    #{zone         => default,
       protocol     => undefined,
       peerhost     => PeerHost,
       sockport     => SockPort,
diff --git a/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl b/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl
index 980fea74f..5bba599c8 100644
--- a/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl
+++ b/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl
@@ -119,7 +119,7 @@ init(ConnInfo = #{peername := {PeerHost, _},
     EnableQoS3 = maps:get(enable_qos3, Option, true),
     ClientInfo = set_peercert_infos(
                    Peercert,
-                   #{ zone => undefined  %% XXX:
+                   #{ zone => default
                     , protocol => 'mqtt-sn'
                     , peerhost => PeerHost
                     , sockport => SockPort
diff --git a/apps/emqx_gateway/test/emqx_exproto_SUITE.erl b/apps/emqx_gateway/test/emqx_exproto_SUITE.erl
index 2207ca9d6..6e4faa40a 100644
--- a/apps/emqx_gateway/test/emqx_exproto_SUITE.erl
+++ b/apps/emqx_gateway/test/emqx_exproto_SUITE.erl
@@ -139,9 +139,9 @@ t_auth_deny(Cfg) ->
               },
     Password = <<"123456">>,
 
-    ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, authenticate,
-                     fun(_) -> {error, ?RC_NOT_AUTHORIZED} end),
+    ok = meck:new(emqx_gateway_ctx, [passthrough, no_history, no_link]),
+    ok = meck:expect(emqx_gateway_ctx, authenticate,
+                     fun(_, _) -> {error, ?RC_NOT_AUTHORIZED} end),
 
     ConnBin = frame_connect(Client, Password),
     ConnAckBin = frame_connack(1),
@@ -152,7 +152,7 @@ t_auth_deny(Cfg) ->
     SockType =/= udp andalso begin
         {error, closed} = recv(Sock, 5000)
     end,
-    meck:unload([emqx_access_control]).
+    meck:unload([emqx_gateway_ctx]).
 
 t_acl_deny(Cfg) ->
     SockType = proplists:get_value(listener_type, Cfg),
@@ -164,8 +164,8 @@ t_acl_deny(Cfg) ->
               },
     Password = <<"123456">>,
 
-    ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
+    ok = meck:new(emqx_gateway_ctx, [passthrough, no_history, no_link]),
+    ok = meck:expect(emqx_gateway_ctx, authorize, fun(_, _, _, _) -> deny end),
 
     ConnBin = frame_connect(Client, Password),
     ConnAckBin = frame_connack(0),
@@ -188,7 +188,7 @@ t_acl_deny(Cfg) ->
     send(Sock, PubBin),
     {ok, PubBinFailedAck} = recv(Sock, 5000),
 
-    meck:unload([emqx_access_control]),
+    meck:unload([emqx_gateway_ctx]),
 
     send(Sock, PubBin),
     {ok, PubBinSuccesAck} = recv(Sock, 5000),
diff --git a/apps/emqx_gateway/test/emqx_stomp_SUITE.erl b/apps/emqx_gateway/test/emqx_stomp_SUITE.erl
index 261601b3e..b2e9bd84e 100644
--- a/apps/emqx_gateway/test/emqx_stomp_SUITE.erl
+++ b/apps/emqx_gateway/test/emqx_stomp_SUITE.erl
@@ -26,7 +26,6 @@
 -define(CONF_DEFAULT, <<"""
 gateway: {
     stomp.1: {
-        authenticator: allow_anonymous
         clientinfo_override: {
             username: \"${Packet.headers.login}\"
             password: \"${Packet.headers.passcode}\"