Can Istio Security Peer Authentication & JWT Authentication Used in Parallel

Hi there, I’m trying to apply the security example tutorial found here against a solution that i’m trying to deploy.

The use case is that i would deploy Elasticseach + Kibana into the mesh and configure End-User outside of Kubernetes to access Elasticsearch API with JWT Authentication. While i was successful in configuring and applying that I found that my Kibana deployment to be failing. I know it has something to do with the RequestAuthentication + AuthorizationPolicy defined I get a RBAC: access denied error when I tried CURLing elasticsearch from my kibana’s istio-proxy sidecar.

Have I misconfigured something here? Is there the option of just enabling end-user JWT for client requests outside of kubernetes and disabling it for internal service to service communication?