diff --git a/horizon/values_overrides/netpol.yaml b/horizon/values_overrides/netpol.yaml
index 7a85753209..2ee3d3f67c 100644
--- a/horizon/values_overrides/netpol.yaml
+++ b/horizon/values_overrides/netpol.yaml
@@ -1,2 +1,22 @@
 manifests:
   network_policy: true
+network_policy:
+  horizon:
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: horizon
+      - from:
+        - podSelector:
+            matchLabels:
+              application: prometheus-openstack-exporter
+      - from:
+        - podSelector:
+            matchLabels:
+              application: ingress
+        ports:
+          - port: 80
+            protocol: TCP
+          - port: 443
+            protocol: TCP
diff --git a/tools/deployment/common/test-networkpolicy.sh b/tools/deployment/common/test-networkpolicy.sh
index d971404477..c4268a8f33 100755
--- a/tools/deployment/common/test-networkpolicy.sh
+++ b/tools/deployment/common/test-networkpolicy.sh
@@ -47,15 +47,21 @@ test_netpol openstack mariadb server keystone-api.openstack.svc.cluster.local:50
 test_netpol openstack mariadb ingress keystone-api.openstack.svc.cluster.local:5000 fail
 test_netpol openstack memcached server keystone-api.openstack.svc.cluster.local:5000 fail
 test_netpol openstack rabbitmq server keystone-api.openstack.svc.cluster.local:5000 fail
+
 # Doing positive tests
 test_netpol openstack keystone api mariadb.openstack.svc.cluster.local:3306 success
 test_netpol openstack keystone api rabbitmq.openstack.svc.cluster.local:5672 success
 test_netpol openstack ingress server keystone-api.openstack.svc.cluster.local:5000 success
 test_netpol openstack prometheus-openstack-exporter exporter keystone-api.openstack.svc.cluster.local:5000 success
 
+if kubectl -n openstack get pod -l application=horizon | grep Running ; then
+  test_netpol openstack keystone api horizon.openstack.svc.cluster.local:80 fail
+fi
+
 if kubectl -n openstack get pod -l application=cinder | grep Running ; then
 # Negative Cinder Tests
   #test_netpol openstack keystone api cinder-api.openstack.svc.cluster.local fail
+  test_netpol openstack cinder api horizon.openstack.svc.cluster.local:80 fail
 # Positive Cinder Tests
   test_netpol openstack cinder api rabbitmq.openstack.svc.cluster.local:5672 success
   test_netpol openstack cinder api keystone-api.openstack.svc.cluster.local:5000 success
diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml
index 88c0505c8e..c52ae9e97f 100644
--- a/zuul.d/jobs-openstack-helm.yaml
+++ b/zuul.d/jobs-openstack-helm.yaml
@@ -289,12 +289,12 @@
         - ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh
         - ./tools/deployment/component/keystone/keystone.sh
         - ./tools/deployment/component/heat/heat.sh
-        - ./tools/deployment/component/horizon/horizon.sh
         - ./tools/deployment/component/glance/glance.sh
         - ./tools/deployment/component/compute-kit/openvswitch.sh
         - ./tools/deployment/component/compute-kit/libvirt.sh
         - ./tools/deployment/component/compute-kit/compute-kit.sh
         - ./tools/deployment/developer/common/170-setup-gateway.sh
+        - ./tools/deployment/component/horizon/horizon.sh
         - ./tools/deployment/common/openstack-exporter.sh
         - ./tools/deployment/developer/common/900-use-it.sh
         - ./tools/deployment/common/test-networkpolicy.sh
@@ -323,6 +323,7 @@
         - ./tools/deployment/component/common/rabbitmq.sh
         - ./tools/deployment/component/keystone/keystone.sh
         - ./tools/deployment/component/cinder/cinder.sh
+        - ./tools/deployment/component/horizon/horizon.sh
         - ./tools/deployment/common/openstack-exporter.sh
         - ./tools/deployment/common/test-networkpolicy.sh