diff --git a/operator/internal/manifests/networkpolicy.go b/operator/internal/manifests/networkpolicy.go
index 20833212ba877..b4e760705e055 100644
--- a/operator/internal/manifests/networkpolicy.go
+++ b/operator/internal/manifests/networkpolicy.go
@@ -325,7 +325,7 @@ func buildLokiAllowGatewayIngress(opts Options) *networkingv1.NetworkPolicy {
 // components that need to access object storage to object storage
 func buildLokiAllowBucketEgress(opts Options) *networkingv1.NetworkPolicy {
 objstorePort := int32(443) // Default HTTPS port
- if port := getEndpointPort(opts.ObjectStorage); port != 0 {
+ if port := getEndpointPort(opts.ObjectStorage, opts.Gates.OpenShift.Enabled); port != 0 {
 objstorePort = port
 }
@@ -629,7 +629,7 @@ func buildLokiAllowQueryFrontend(opts Options) *networkingv1.NetworkPolicy {
 }
 }
-func getEndpointPort(storageOpts storage.Options) int32 {
+func getEndpointPort(storageOpts storage.Options, openShiftEnabled bool) int32 {
 extractPort := func(endpoint string) int32 {
 if strings.HasPrefix(endpoint, "http://") || strings.HasPrefix(endpoint, "https://") {
 if u, err := url.Parse(endpoint); err == nil && u.Port() != "" {
@@ -667,7 +667,12 @@ func getEndpointPort(storageOpts storage.Options) int32 {
 // Swift AuthURL might includes ports
 if storageOpts.Swift != nil && storageOpts.Swift.AuthURL != "" {
- return extractPort(storageOpts.Swift.AuthURL)
+ swiftObjectPort := int32(443)
+ if openShiftEnabled {
+ // Swift Proxy SSL (Red Hat OpenStack deployments)
+ swiftObjectPort = int32(13808)
+ }
+ return swiftObjectPort
 }
 return 0
diff --git a/operator/internal/manifests/networkpolicy_test.go b/operator/internal/manifests/networkpolicy_test.go
index 608b04ddcdd41..2e9d3f0dfb7cc 100644
--- a/operator/internal/manifests/networkpolicy_test.go
+++ b/operator/internal/manifests/networkpolicy_test.go
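Review bot: `getEndpointPort` (hunk at line 629) gains a bare `bool` parameter but still has no doc comment, and nothing at the signature says the flag only matters for the Swift branch. A comment such as `// getEndpointPort returns the object storage port to allow in the egress policy, or 0 when the caller's default applies; openShiftEnabled only affects the Swift branch.` would make the contract explicit for the next backend that is added. The function body continues outside this hunk.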
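Review bot: The egress rule for Swift no longer covers the Keystone port. The Swift branch of `getEndpointPort` (hunk at line 667) now only checks that `storageOpts.Swift.AuthURL` is non-empty and returns a fixed 443 or 13808, while the visible call site in `buildLokiAllowBucketEgress` keeps a single `objstorePort`. If the policy really carries only that one port (its body continues outside the hunks), a Swift client that must first obtain a token from the `AuthURL` endpoint on a different port is blocked, and a policy that breaks storage tends to get disabled rather than fixed. `opts.Gates.OpenShift.Enabled` is also only a proxy for "Red Hat OpenStack with the SSL proxy port", so the object port would be safer taken from configuration with 13808 as a documented fallback. At minimum replace the now stale comment with something like `// Swift object endpoint port; the AuthURL (Keystone) port is not used for this rule` and give 13808 a named constant.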
@@ -362,7 +362,7 @@ func TestBuildLokiAllowBucketEgress(t *testing.T) {
 expectedPort: 8080,
 },
 {
- name: "Swift endpoint with custom port",
+ name: "Swift endpoint with default SSL port",
 opts: Options{
 Name: "test",
 Namespace: "test-ns",
@@ -373,7 +373,26 @@ func TestBuildLokiAllowBucketEgress(t *testing.T) {
 },
 },
 },
- expectedPort: 5000,
+ expectedPort: 443,
+ },
+ {
+ name: "Swift endpoint with OpenStack OpenShift default SSL port",
+ opts: Options{
+ Name: "test",
+ Namespace: "test-ns",
+ Gates: configv1.FeatureGates{
+ OpenShift: configv1.OpenShiftFeatureGates{
+ Enabled: true,
+ },
+ },
+ ObjectStorage: storage.Options{
+ SharedStore: lokiv1.ObjectStorageSecretSwift,
+ Swift: &storage.SwiftStorageConfig{
+ AuthURL: "http://keystone.openstack.svc.cluster.local:5000/v3",
+ },
+ },
+ },
+ expectedPort: 13808,
 },
 {
 name: "AlibabaCloud endpoint with custom port",
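Review bot: The new Swift case (hunk at line 373) locks in that the `AuthURL` port is dropped from the policy without saying so. Its fixture points at `http://keystone.openstack.svc.cluster.local:5000/v3` yet expects only 13808, and the renamed case, which expected 5000 before, now expects 443. If that is intended, a comment on the case such as `// AuthURL port is intentionally ignored; only the Swift object port is allowed` would record the decision; if not, the expectation should cover the auth port as well. A further case with `Gates.OpenShift.Enabled: true` and a non-Swift `SharedStore` would pin that the gate leaves other backends' ports unchanged.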