diff --git a/blueprints/README.md b/blueprints/README.md
index 5207ea6547..b9851bde99 100644
--- a/blueprints/README.md
+++ b/blueprints/README.md
@@ -9,7 +9,7 @@ Currently available blueprints:
 - **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Minimal Data Platform](./data-solutions/data-platform-minimal), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground), [MLOps with Vertex AI](./data-solutions/vertex-mlops), [Shielded Folder](./data-solutions/shielded-folder), [BigQuery ML and Vertex AI Pipeline](./data-solutions/bq-ml)
 - **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory)
 - **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot)
-- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), On-prem DNS and Google Private Access,  [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
+- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access,  [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
 - **serverless** - [Cloud Run series](./serverless/cloud-run-explore)
 - **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun)
 
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
similarity index 97%
rename from blueprints/networking/filtering-proxy-psc/README.md
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
index dd9f058582..db5149bc3a 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/README.md
@@ -29,10 +29,9 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
 
 ## Test
 
-
 ```hcl
 module "test" {
-  source = "./fabric/blueprints/networking/filtering-proxy-psc"
+  source = "./fabric/blueprints/networking/__need_fixing/filtering-proxy-psc"
   prefix = "fabric"
   project_create = {
     billing_account = "123456-ABCDEF-123456"
diff --git a/blueprints/networking/filtering-proxy-psc/consumer.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
similarity index 95%
rename from blueprints/networking/filtering-proxy-psc/consumer.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
index 08f5b41386..38849ee062 100644
--- a/blueprints/networking/filtering-proxy-psc/consumer.tf
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/consumer.tf
@@ -19,7 +19,7 @@
 ###############################################################################
 
 module "vpc-consumer" {
-  source     = "../../../modules/net-vpc"
+  source     = "../../../../modules/net-vpc"
   project_id = module.project.project_id
   name       = "${var.prefix}-app"
   subnets = [
@@ -36,7 +36,7 @@ module "vpc-consumer" {
 ###############################################################################
 
 module "test-vm-consumer" {
-  source        = "../../../modules/compute-vm"
+  source        = "../../../../modules/compute-vm"
   project_id    = module.project.project_id
   zone          = "${var.region}-b"
   name          = "${var.prefix}-test-vm"
@@ -83,7 +83,7 @@ resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
 ###############################################################################
 
 module "private-dns" {
-  source     = "../../../modules/dns"
+  source     = "../../../../modules/dns"
   project_id = module.project.project_id
   name       = "${var.prefix}-internal"
   zone_config = {
@@ -99,7 +99,7 @@ module "private-dns" {
 }
 
 module "firewall-consumer" {
-  source     = "../../../modules/net-vpc-firewall"
+  source     = "../../../../modules/net-vpc-firewall"
   project_id = module.project.project_id
   network    = module.vpc-consumer.name
 }
diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
similarity index 92%
rename from blueprints/networking/filtering-proxy-psc/main.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
index 6908197fe3..ed35be3a99 100644
--- a/blueprints/networking/filtering-proxy-psc/main.tf
+++ b/blueprints/networking/__need_fixing/filtering-proxy-psc/main.tf
@@ -19,7 +19,7 @@
 ###############################################################################
 
 module "project" {
-  source          = "../../../modules/project"
+  source          = "../../../../modules/project"
   project_create  = var.project_create != null
   billing_account = try(var.project_create.billing_account, null)
   parent          = try(var.project_create.parent, null)
@@ -33,7 +33,7 @@ module "project" {
 }
 
 module "vpc" {
-  source     = "../../../modules/net-vpc"
+  source     = "../../../../modules/net-vpc"
   project_id = module.project.project_id
   name       = "${var.prefix}-vpc"
   subnets = [
@@ -53,7 +53,7 @@ module "vpc" {
 }
 
 module "firewall" {
-  source     = "../../../modules/net-vpc-firewall"
+  source     = "../../../../modules/net-vpc-firewall"
   project_id = module.project.project_id
   network    = module.vpc.name
   ingress_rules = {
@@ -73,7 +73,7 @@ module "firewall" {
 }
 
 module "nat" {
-  source                = "../../../modules/net-cloudnat"
+  source                = "../../../../modules/net-cloudnat"
   project_id            = module.project.project_id
   region                = var.region
   name                  = "default"
@@ -118,7 +118,7 @@ resource "google_compute_service_attachment" "service_attachment" {
 ###############################################################################
 
 module "service-account-squid" {
-  source     = "../../../modules/iam-service-account"
+  source     = "../../../../modules/iam-service-account"
   project_id = module.project.project_id
   name       = "svc-squid"
   iam_project_roles = {
@@ -130,7 +130,7 @@ module "service-account-squid" {
 }
 
 module "cos-squid" {
-  source       = "../../../modules/cloud-config-container/squid"
+  source       = "../../../../modules/cloud-config-container/__need_fixing/squid"
   allow        = var.allowed_domains
   clients      = [var.cidrs.app]
   squid_config = "${path.module}/squid.conf"
@@ -140,7 +140,7 @@ module "cos-squid" {
 }
 
 module "squid-vm" {
-  source          = "../../../modules/compute-vm"
+  source          = "../../../../modules/compute-vm"
   project_id      = module.project.project_id
   zone            = "${var.region}-b"
   name            = "squid-vm"
@@ -165,7 +165,7 @@ module "squid-vm" {
 }
 
 module "squid-mig" {
-  source            = "../../../modules/compute-mig"
+  source            = "../../../../modules/compute-mig"
   project_id        = module.project.project_id
   location          = "${var.region}-b"
   name              = "squid-mig"
@@ -202,7 +202,7 @@ module "squid-mig" {
 }
 
 module "squid-ilb" {
-  source        = "../../../modules/net-lb-int"
+  source        = "../../../../modules/net-lb-int"
   project_id    = module.project.project_id
   region        = var.region
   name          = "squid-ilb"
diff --git a/blueprints/networking/filtering-proxy-psc/squid.conf b/blueprints/networking/__need_fixing/filtering-proxy-psc/squid.conf
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/squid.conf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/squid.conf
diff --git a/blueprints/networking/filtering-proxy-psc/startup.sh b/blueprints/networking/__need_fixing/filtering-proxy-psc/startup.sh
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/startup.sh
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/startup.sh
diff --git a/blueprints/networking/filtering-proxy-psc/variables.tf b/blueprints/networking/__need_fixing/filtering-proxy-psc/variables.tf
similarity index 100%
rename from blueprints/networking/filtering-proxy-psc/variables.tf
rename to blueprints/networking/__need_fixing/filtering-proxy-psc/variables.tf