diff --git a/connectivity/manifests/echo-ingress-l7-http-from-anywhere.yaml b/connectivity/manifests/echo-ingress-l7-http-from-anywhere.yaml
new file mode 100644
index 0000000000..b63effa1cd
--- /dev/null
+++ b/connectivity/manifests/echo-ingress-l7-http-from-anywhere.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: "echo-ingress-l7-http-from-anywhere"
+spec:
+ description: "Allow all to GET / on echo"
+ endpointSelector:
+ matchLabels:
+ kind: echo
+ ingress:
+ - toPorts:
+ - ports:
+ - port: "8080"
+ protocol: TCP
+ rules:
+ http:
+ - method: "GET"
+ path: "/$"
diff --git a/connectivity/suite.go b/connectivity/suite.go
index f40cd088a2..6fd691e2cc 100644
--- a/connectivity/suite.go
+++ b/connectivity/suite.go
@@ -125,6 +125,9 @@ var (
 //go:embed manifests/echo-ingress-l7-http.yaml
 echoIngressL7HTTPPolicyYAML string
+ //go:embed manifests/echo-ingress-l7-http-from-anywhere.yaml
+ echoIngressL7HTTPFromAnywherePolicyYAML string
+
 //go:embed manifests/echo-ingress-l7-http-named-port.yaml
 echoIngressL7HTTPNamedPortPolicyYAML string
@@ -192,6 +195,12 @@ func Run(ctx context.Context, ct *check.ConnectivityTest) error {
 WithScenarios(
 tests.OutsideToNodePort(),
 )
+ ct.NewTest("north-south-loadbalancing-with-l7-policy").
+ WithFeatureRequirements(check.RequireFeatureEnabled(check.FeatureNodeWithoutCilium)).
+ WithCiliumPolicy(echoIngressL7HTTPFromAnywherePolicyYAML).
+ WithScenarios(
+ tests.OutsideToNodePort(),
+ )
 ct.NewTest("pod-to-pod-encryption").
 WithFeatureRequirements(check.RequireFeatureEnabled(check.FeatureEncryptionPod)).
 WithScenarios(
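Review bot: The ingress rule in `echo-ingress-l7-http-from-anywhere.yaml` carries no `fromEndpoints`, `fromEntities` or `fromCIDR` selector, and the file does not say that this is deliberate. As I read Cilium's rule semantics, that leaves the HTTP rule (`GET` on `/$`) as the only restriction on who may reach port 8080 of the `kind: echo` endpoints, including sources outside the cluster. A leading comment such as `# Test fixture: no from* selector on purpose, so the L7 rule is the only ingress restriction.` would keep the manifest from being copied as a baseline policy. The `description` could carry the same intent, e.g. `"Allow GET / on echo from any source (connectivity test only)"`.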
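Review bot: The new `north-south-loadbalancing-with-l7-policy` test in `connectivity/suite.go`, as far as this hunk shows, only exercises traffic the policy is meant to allow: it reuses `tests.OutsideToNodePort()` and declares no expectation of a denied request. A test that only sends allowed traffic would presumably still pass if the L7 rule were never applied to NodePort traffic, so it does not show that the `GET` / `/$` restriction is enforced on the north-south path. Consider pairing it with a scenario that sends a non-matching method or path from the same outside node and expects a drop. A comment above the test would also help, such as `// L7 ingress policy must still admit NodePort traffic from a node without Cilium.` The enclosing `Run` function starts and ends outside the hunk.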