diff --git a/apps-gx10/intranet/deployment-intranet-web.json b/apps-gx10/intranet/deployment-intranet-web.json
index 187fbd8..38d4776 100644
--- a/apps-gx10/intranet/deployment-intranet-web.json
+++ b/apps-gx10/intranet/deployment-intranet-web.json
@@ -166,7 +166,10 @@
 "fsGroupChangePolicy": "OnRootMismatch",
 "runAsGroup": 1654,
 "runAsNonRoot": true,
- "runAsUser": 1654
+ "runAsUser": 1654,
+ "seccompProfile": {
+ "type": "RuntimeDefault"
+ }
 },
 "terminationGracePeriodSeconds": 30,
 "volumes": [
diff --git a/apps-gx10/intranet/namespace-intranet.json b/apps-gx10/intranet/namespace-intranet.json
new file mode 100644
index 0000000..47ffabc
--- /dev/null
+++ b/apps-gx10/intranet/namespace-intranet.json
@@ -0,0 +1,12 @@
+{
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "labels": {
+ "pod-security.kubernetes.io/audit": "restricted",
+ "pod-security.kubernetes.io/enforce": "restricted",
+ "pod-security.kubernetes.io/warn": "restricted"
+ },
+ "name": "intranet"
+ }
+}
diff --git a/apps-gx10/intranet/networkpolicy-intranet-default-deny.json b/apps-gx10/intranet/networkpolicy-intranet-default-deny.json
new file mode 100644
index 0000000..ec5c86d
--- /dev/null
+++ b/apps-gx10/intranet/networkpolicy-intranet-default-deny.json
@@ -0,0 +1,15 @@
+{
+ "apiVersion": "networking.k8s.io/v1",
+ "kind": "NetworkPolicy",
+ "metadata": {
+ "name": "intranet-default-deny",
+ "namespace": "intranet"
+ },
+ "spec": {
+ "podSelector": {},
+ "policyTypes": [
+ "Ingress",
+ "Egress"
+ ]
+ }
+}
diff --git a/apps-gx10/intranet/networkpolicy-intranet-web.json b/apps-gx10/intranet/networkpolicy-intranet-web.json
new file mode 100644
index 0000000..4b2052d
--- /dev/null
+++ b/apps-gx10/intranet/networkpolicy-intranet-web.json
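Review bot: The `restricted` Pod Security profile that namespace-intranet.json enforces needs more than the pod-level `seccompProfile` added here — every container must also set `allowPrivilegeEscalation: false` and `capabilities: { "drop": ["ALL"] }`, and those are container-level fields this hunk does not show. If they are missing from `containers[].securityContext`, the Deployment's pods will be refused at admission as soon as enforcement is active, so confirm them before merging. The enclosing pod `securityContext`/spec object starts and continues outside the hunk.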
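Review bot: `pod-security.kubernetes.io/enforce` is set without a companion `pod-security.kubernetes.io/enforce-version`, so the `restricted` profile is evaluated as `latest` and its definition can tighten silently on a control-plane upgrade, rejecting previously admitted pods on their next rollout. Pin it with `"pod-security.kubernetes.io/enforce-version": "v1.NN"` (NN = the cluster's current minor) and bump it deliberately, leaving `audit`/`warn` unpinned so upcoming changes surface first. Note also that enforcement only acts at admission: pods already running in `intranet` are not evicted, so the Deployment has to be rolled to actually validate compliance.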
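Review bot: With `"podSelector": {}` and both policy types, every pod in `intranet` loses all ingress and egress — including DNS to kube-system — unless a sibling allow policy selects it, and the only allow policy in this change selects `app: intranet-web`; any other workload that lands in the namespace (jobs, debug pods, sidecar-only pods) would be left unable to resolve names. If that is intended, say so in a one-line comment in the accompanying README or an annotation such as `"description": "default deny; per-app allow policies required"` to save the next operator a debugging session. This resource is also a no-op on a CNI that does not implement NetworkPolicy — the cluster's CNI is not visible here, so confirm it enforces policy before treating this as a control.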
@@ -0,0 +1,91 @@
+{
+ "apiVersion": "networking.k8s.io/v1",
+ "kind": "NetworkPolicy",
+ "metadata": {
+ "name": "intranet-web",
+ "namespace": "intranet"
+ },
+ "spec": {
+ "egress": [
+ {
+ "ports": [
+ {
+ "port": 53,
+ "protocol": "UDP"
+ },
+ {
+ "port": 53,
+ "protocol": "TCP"
+ }
+ ],
+ "to": [
+ {
+ "namespaceSelector": {
+ "matchLabels": {
+ "kubernetes.io/metadata.name": "kube-system"
+ }
+ }
+ }
+ ]
+ },
+ {
+ "ports": [
+ {
+ "port": 443,
+ "protocol": "TCP"
+ }
+ ],
+ "to": [
+ {
+ "ipBlock": {
+ "cidr": "10.0.56.200/32"
+ }
+ }
+ ]
+ },
+ {
+ "ports": [
+ {
+ "port": 11434,
+ "protocol": "TCP"
+ }
+ ],
+ "to": [
+ {
+ "ipBlock": {
+ "cidr": "0.0.0.0/0"
+ }
+ }
+ ]
+ }
+ ],
+ "ingress": [
+ {
+ "from": [
+ {
+ "namespaceSelector": {
+ "matchLabels": {
+ "kubernetes.io/metadata.name": "traefik-system"
+ }
+ }
+ }
+ ],
+ "ports": [
+ {
+ "port": 5300,
+ "protocol": "TCP"
+ }
+ ]
+ }
+ ],
+ "podSelector": {
+ "matchLabels": {
+ "app": "intranet-web"
+ }
+ },
+ "policyTypes": [
+ "Ingress",
+ "Egress"
+ ]
+ }
+}
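Review bot: The third egress rule lets the pod reach any IPv4 address on TCP/11434 (`"cidr": "0.0.0.0/0"`) — node IPs, every other pod, and arbitrary internet hosts — while the 443 rule in the same policy is correctly pinned to a single `/32`. Port 11434 is the Ollama default, so this presumably points at an LLM backend; pin it the same way, e.g. `"cidr": "<inference-host>/32"`, or use a `namespaceSelector`/`podSelector` if the service runs in-cluster, and at minimum add an `except` list for the RFC 1918 and link-local ranges so a prompt-injected page cannot turn the web pod into a port-11434 scanner. The DNS rule similarly admits every pod in kube-system on 53; adding `"podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}` next to the namespaceSelector narrows it to CoreDNS. Same remark for the ingress rule, which accepts 5300 from any pod in `traefik-system`, not just the ingress controller.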