diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 17f7bc782764722ca058e3261575128f7906d50b..b4bd33ed128b4dd3fc2a5283de4c58018bfaecfa 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -22,12 +22,12 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-{{- if not (.Values.networkPolicy).disabled }} 
+{{- if not (.Values.networkPolicy).disabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: network-policy-{{ .Release.Name}}
-  namespace: {{ .Release.Namespace }} 
+  namespace: {{ .Release.Namespace }}
 spec:
   podSelector:
     matchLabels:
@@ -45,9 +45,19 @@ spec:
     ports:
     - protocol: TCP
       port: 8081
+  {{- if (.Values.forwarding).enabled }}
+  - ports:
+    - port: 9090
+      protocol: TCP
+    from:
+    - namespaceSelector: {}
+      podSelector:
+        matchLabels:
+          component: vorgang-manager
+  {{- end }}
   egress:
   - to:
-    - podSelector: 
+    - podSelector:
         matchLabels:
           component: vorgang-manager
     ports:
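Review bot: The ingress rule added under `{{- if (.Values.forwarding).enabled }}` pairs `namespaceSelector: {}` with the `component: vorgang-manager` pod selector, so port 9090 is opened to any pod carrying that label in any namespace, not only to the intended vorgang-manager. A pod label can be set by anyone allowed to create pods in some namespace, so on its own it is a weak peer identity. The zufi-server egress rule later in this file already pins the namespace through `kubernetes.io/metadata.name`; the same could be done here by giving the selector a `matchLabels` entry such as `kubernetes.io/metadata.name: {{ <value naming the vorgang-manager namespace> }}` (a placeholder, since no such value is visible in this diff). If access from all namespaces is intended, a comment above the rule such as `# vorgang-manager may run in any namespace; peers are matched by label only` would record that. The `ingress` list itself starts outside the hunk.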
@@ -72,7 +82,7 @@ spec:
     - namespaceSelector:
         matchLabels:
           kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
-      podSelector: 
+      podSelector:
         matchLabels:
           component: zufi-server
     ports:
@@ -80,7 +90,7 @@ spec:
         protocol: TCP
   - to:
     - namespaceSelector: {}
-      podSelector: 
+      podSelector:
         matchLabels:
           component: vorgang-manager
     ports:
@@ -88,4 +98,4 @@ spec:
         protocol: TCP
 {{- end }}
 
-{{- end }} 
\ No newline at end of file
+{{- end }}
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index d10537996010737c734c64c2cf2ffaecad92b3e8..be4c627e54167089a6137125149b2dcd964976e5 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -222,3 +222,42 @@ tests:
             ports:
               - port: 9090
                 protocol: TCP
+
+  - it: should add ingress from vorgang-manager if forwarding is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      forwarding:
+        enabled: true
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+              - namespaceSelector: {}
+                podSelector:
+                  matchLabels:
+                    component: vorgang-manager
+            ports:
+              - port: 9090
+                protocol: TCP
+
+  - it: should not add ingress from vorgang-manager if forwarding is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      forwarding:
+        enabled: false
+    asserts:
+      - notContains:
+          path: spec.ingress
+          content:
+            from:
+              - namespaceSelector: {}
+                podSelector:
+                  matchLabels:
+                    component: vorgang-manager
+            ports:
+              - port: 9090
+                protocol: TCP
+          any: true
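Review bot: The negative case only covers `forwarding.enabled: false`, so nothing checks that port 9090 stays closed when `forwarding` is not set at all, which is the path the template's `(.Values.forwarding).enabled` guard exists for. A third case, e.g. `- it: should not add ingress from vorgang-manager if forwarding is not set`, with only `networkPolicy.dnsServerNamespace` under `set` and the same `notContains` assertion, would catch a later change that opens the rule by default. The positive case also pins `namespaceSelector: {}`, so it would need updating if the rule is ever narrowed to a specific namespace.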