diff --git a/charts/visual-tom/templates/_helpers.tpl b/charts/visual-tom/templates/_helpers.tpl
index c6033a8..b9b6b8f 100644
--- a/charts/visual-tom/templates/_helpers.tpl
+++ b/charts/visual-tom/templates/_helpers.tpl
@@ -240,3 +240,13 @@ Workload Identity annotation on the pod depending on the cloud provider.
 azure.workload.identity/use: "true"
 {{- end }}
 {{- end }}
+
+{{/*
+Name of the license proxy ConfigMap, when licenseProxy.host is set.
+Returns an empty string when no proxy is configured.
+*/}}
+{{- define "vtom.licenseProxyConfigMapName" -}}
+{{- if .Values.licenseProxy.host -}}
+{{ include "vtom.name" . }}-license-proxy
+{{- end -}}
+{{- end }}
diff --git a/charts/visual-tom/templates/common/license-proxy-configmap.yaml b/charts/visual-tom/templates/common/license-proxy-configmap.yaml
new file mode 100644
index 0000000..73451af
--- /dev/null
+++ b/charts/visual-tom/templates/common/license-proxy-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.licenseProxy.host }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "vtom.licenseProxyConfigMapName" . }}
+  namespace: {{ include "vtom.namespace" . }}
+  labels:
+    {{- include "vtom.labels" . | nindent 4 }}
+data:
+  license.config: |
+    {"version":"1.2","proxyEnable":true,"proxyHost":{{ .Values.licenseProxy.host | quote }},"proxyPort":{{ .Values.licenseProxy.port }},"proxyUser":{{ if .Values.licenseProxy.user }}{{ .Values.licenseProxy.user | quote }}{{ else }}null{{ end }},"proxyPassword":{{ if .Values.licenseProxy.password }}{{ .Values.licenseProxy.password | quote }}{{ else }}null{{ end }}}
+{{- end }}
diff --git a/charts/visual-tom/templates/itc/deployment.yaml b/charts/visual-tom/templates/itc/deployment.yaml
index 09b8876..38234a6 100644
--- a/charts/visual-tom/templates/itc/deployment.yaml
+++ b/charts/visual-tom/templates/itc/deployment.yaml
@@ -113,6 +113,12 @@ spec:
               mountPath: /var/lib/absyss/visual-tom-user-portal/license/{{ .Values.itc.license.secretKey }}
               subPath: {{ .Values.itc.license.secretKey }}
               readOnly: true
+            {{- if include "vtom.licenseProxyConfigMapName" . }}
+            - name: license-proxy
+              mountPath: /var/lib/absyss/visual-tom-user-portal/license/license.config
+              subPath: license.config
+              readOnly: true
+            {{- end }}
       volumes:
         - name: itc-data
           persistentVolumeClaim:
@@ -121,6 +127,11 @@ spec:
           secret:
             secretName: {{ .Values.itc.license.secretName }}
             defaultMode: 0440
+        {{- if include "vtom.licenseProxyConfigMapName" . }}
+        - name: license-proxy
+          configMap:
+            name: {{ include "vtom.licenseProxyConfigMapName" . }}
+        {{- end }}
       terminationGracePeriodSeconds: 60
       {{- with .Values.itc.tolerations }}
       tolerations:
diff --git a/charts/visual-tom/templates/itm/deployment.yaml b/charts/visual-tom/templates/itm/deployment.yaml
index de58e86..d389723 100644
--- a/charts/visual-tom/templates/itm/deployment.yaml
+++ b/charts/visual-tom/templates/itm/deployment.yaml
@@ -112,6 +112,12 @@ spec:
               mountPath: /var/lib/absyss/visual-it-messenger/license/{{ .Values.itm.license.secretKey }}
               subPath: {{ .Values.itm.license.secretKey }}
               readOnly: true
+            {{- if include "vtom.licenseProxyConfigMapName" . }}
+            - name: license-proxy
+              mountPath: /var/lib/absyss/visual-it-messenger/license/license.config
+              subPath: license.config
+              readOnly: true
+            {{- end }}
       volumes:
         - name: itm-data
           persistentVolumeClaim:
@@ -120,6 +126,11 @@ spec:
           secret:
             secretName: {{ .Values.itm.license.secretName }}
             defaultMode: 0440
+        {{- if include "vtom.licenseProxyConfigMapName" . }}
+        - name: license-proxy
+          configMap:
+            name: {{ include "vtom.licenseProxyConfigMapName" . }}
+        {{- end }}
       terminationGracePeriodSeconds: 60
       {{- with .Values.itm.tolerations }}
       tolerations:
diff --git a/charts/visual-tom/templates/vtom/deployment-apiserver.yaml b/charts/visual-tom/templates/vtom/deployment-apiserver.yaml
index c3e8260..9b938b8 100644
--- a/charts/visual-tom/templates/vtom/deployment-apiserver.yaml
+++ b/charts/visual-tom/templates/vtom/deployment-apiserver.yaml
@@ -115,6 +115,12 @@ spec:
               mountPath: /var/lib/absyss/visual-tom/license/{{ .Values.vtom.license.secretKey }}
               subPath: {{ .Values.vtom.license.secretKey }}
               readOnly: true
+            {{- if include "vtom.licenseProxyConfigMapName" . }}
+            - name: license-proxy
+              mountPath: /var/lib/absyss/visual-tom/license/license.config
+              subPath: license.config
+              readOnly: true
+            {{- end }}
       volumes:
         - name: customer-data
           persistentVolumeClaim:
@@ -123,6 +129,11 @@ spec:
           secret:
             secretName: {{ .Values.vtom.license.secretName }}
             defaultMode: 0440
+        {{- if include "vtom.licenseProxyConfigMapName" . }}
+        - name: license-proxy
+          configMap:
+            name: {{ include "vtom.licenseProxyConfigMapName" . }}
+        {{- end }}
       terminationGracePeriodSeconds: 60
       {{- with .Values.vtom.tolerations }}
       tolerations:
diff --git a/charts/visual-tom/values-client-template.yaml b/charts/visual-tom/values-client-template.yaml
index 749a9eb..050b633 100644
--- a/charts/visual-tom/values-client-template.yaml
+++ b/charts/visual-tom/values-client-template.yaml
@@ -220,6 +220,21 @@ networkPolicy:
 database:
   host: ""          # TODO: e.g.: vtom-postgres.postgres.database.azure.com
 
+# -----------------------------------------------------------------------------
+# License proxy (optional)
+# Required only if the cluster has no direct outbound internet access and must
+# route through an HTTP proxy to reach the Absyss license server
+# (license-ctrl.customer.absyss.com).
+# When host is set, the chart generates a ConfigMap and mounts license.config
+# in vtom-server, vtom-apiserver, itc, and itm.
+# Leave host empty (default) to disable — no ConfigMap is created.
+# -----------------------------------------------------------------------------
+# licenseProxy:
+#   host: ""        # TODO: e.g.: proxy.corp.example.com
+#   port: 3128
+#   user: ""        # leave empty if the proxy requires no authentication
+#   password: ""    # leave empty if the proxy requires no authentication
+
 # -----------------------------------------------------------------------------
 # Cloud secrets — REQUIRED depending on the provider
 # Fill in ONLY the section matching your cloud.
diff --git a/charts/visual-tom/values.yaml b/charts/visual-tom/values.yaml
index fc36abe..08e801c 100644
--- a/charts/visual-tom/values.yaml
+++ b/charts/visual-tom/values.yaml
@@ -569,3 +569,17 @@ storageClass:
   provisioner: ""      # e.g.: disk.csi.azure.com
   parameters: {}
   volumeBindingMode: WaitForFirstConsumer
+
+# -----------------------------------------------------------------------------
+# License proxy configuration
+# When licenseProxy.host is set, the chart generates a ConfigMap and mounts
+# license.config in each component (vtom-server, vtom-apiserver, itc, itm),
+# allowing the Absyss Java license client to reach license-ctrl.customer.absyss.com
+# through a corporate HTTP proxy.
+# Leave host empty to disable (no ConfigMap created, no volume mount added).
+# -----------------------------------------------------------------------------
+licenseProxy:
+  host: ""        # e.g.: proxy.corp.example.com
+  port: 3128
+  user: ""        # leave empty if the proxy requires no authentication
+  password: ""    # leave empty if the proxy requires no authentication