diff --git a/blueprints/serverless/cloud-run-corporate/main.tf b/blueprints/serverless/cloud-run-corporate/main.tf
index 5b508408d..e3e4cf374 100644
--- a/blueprints/serverless/cloud-run-corporate/main.tf
+++ b/blueprints/serverless/cloud-run-corporate/main.tf
@@ -139,6 +139,14 @@ module "vpc_main" {
       region        = var.region
     }
   ]
+  subnets_proxy_only = [
+    {
+      ip_cidr_range = var.ip_ranges["main"].subnet_proxy
+      name          = "subnet-proxy"
+      region        = var.region
+      active        = true
+    }
+  ]
 }
 
 # Main VPC Firewall with default config, IAP for SSH enabled
@@ -256,6 +264,43 @@ resource "google_compute_global_forwarding_rule" "psc_endpoint_prj1" {
   load_balancing_scheme = ""
 }
 
+###############################################################################
+#                                   L7 ILB                                    #
+###############################################################################
+
+module "ilb-l7" {
+  source     = "../../../modules/net-ilb-l7"
+  count      = var.custom_domain != null ? 1 : 0
+  project_id = module.project_main.project_id
+  name       = "ilb-l7-cr"
+  region     = var.region
+  backend_service_configs = {
+    default = {
+      project_id = module.project_svc1[0].project_id
+      backends = [{
+        group = "cr1"
+      }]
+      health_checks = []
+    }
+  }
+  health_check_configs = {}
+  neg_configs = {
+    cr1 = {
+      project_id = module.project_svc1[0].project_id
+      cloudrun = {
+        region = var.region
+        target_service = {
+          name = module.cloud_run.service_name
+        }
+      }
+    }
+  }
+  vpc_config = {
+    network    = module.vpc_main.self_link
+    subnetwork = module.vpc_main.subnet_self_links["${var.region}/subnet-main"]
+  }
+}
+
 ###############################################################################
 #                                    VMs                                      #
 ###############################################################################
diff --git a/blueprints/serverless/cloud-run-corporate/outputs.tf b/blueprints/serverless/cloud-run-corporate/outputs.tf
index b0df2acda..09e229f52 100644
--- a/blueprints/serverless/cloud-run-corporate/outputs.tf
+++ b/blueprints/serverless/cloud-run-corporate/outputs.tf
@@ -18,3 +18,8 @@ output "default_URL" {
   description = "Cloud Run service default URL."
   value       = module.cloud_run.service.status[0].url
 }
+
+output "load_balancer_ip" {
+  description = "Load Balancer IP address"
+  value       = var.custom_domain != null ? module.ilb-l7[0].address : "none"
+}
diff --git a/blueprints/serverless/cloud-run-corporate/variables.tf b/blueprints/serverless/cloud-run-corporate/variables.tf
index ae2cf9b61..d1f5b66aa 100644
--- a/blueprints/serverless/cloud-run-corporate/variables.tf
+++ b/blueprints/serverless/cloud-run-corporate/variables.tf
@@ -52,8 +52,9 @@ variable "ip_ranges" {
   type        = map(map(string))
   default = {
     main = {
-      subnet   = "10.0.1.0/24"
-      psc_addr = "10.0.0.100"
+      subnet       = "10.0.1.0/24"
+      subnet_proxy = "10.10.0.0/24"
+      psc_addr     = "10.0.0.100"
     }
     onprem = {
       subnet = "172.16.1.0/24"