diff --git a/pkg/loadbalancers/target_proxies.go b/pkg/loadbalancers/target_proxies.go
index 892c52e89e..0665dc83a5 100644
--- a/pkg/loadbalancers/target_proxies.go
+++ b/pkg/loadbalancers/target_proxies.go
@@ -19,6 +19,7 @@ package loadbalancers
 import (
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
 	"k8s.io/ingress-gce/pkg/composite"
+	"k8s.io/ingress-gce/pkg/flags"
 	"k8s.io/ingress-gce/pkg/utils"
 	"k8s.io/ingress-gce/pkg/utils/namer"
 	"k8s.io/klog"
@@ -171,8 +172,25 @@ func (l *L7) checkHttpsProxy() (err error) {
 		if err := composite.SetSslCertificateForTargetHttpsProxy(l.cloud, key, proxy, sslCertURLs); err != nil {
 			return err
 		}
+	}
+
+	if flags.F.EnableFrontendConfig {
+		policyLink, err := l.GetSslPolicyLink()
+		if err != nil {
+			return err
+		}
 
+		if policyLink != nil && !utils.EqualResourceIDs(*policyLink, proxy.SslPolicy) {
+			key, err := l.CreateKey(proxy.Name)
+			if err != nil {
+				return err
+			}
+			if err := composite.SetSslPolicyForTargetHttpsProxy(l.cloud, key, proxy, *policyLink); err != nil {
+				return err
+			}
+		}
 	}
+
 	l.tps = proxy
 	return nil
 }
@@ -190,3 +208,31 @@ func (l *L7) getSslCertLinkInUse() ([]string, error) {
 
 	return proxy.SslCertificates, nil
 }
+
+func (l *L7) getSslPolicyLink() (*string, error) {
+	var link string
+
+	if l.runtimeInfo.FrontendConfig == nil {
+		return nil, nil
+	}
+
+	policyName := l.runtimeInfo.FrontendConfig.Spec.SslPolicy
+	if policyName == nil {
+		return nil, nil
+	}
+	if *policyName == "" {
+		return &link, nil
+	}
+
+	key, err := l.CreateKey(*policyName)
+	if err != nil {
+		return nil, err
+	}
+	resourceID := cloud.ResourceID{
+		Resource:  "sslPolicies",
+		Key:       key,
+	}
+	resID := resourceID.ResourcePath()
+	
+	return &resID, nil
+}