PeerAuthentication can't work!

In istio 1.5.0, I configure the global authentication policy “peerauthentication” or “meshpolicy” according to the document. in “destinationrule” does not configure the MTLs, but the services still work normally. According to the chapter documents, the services should not be accessible!

apiVersion: ""
kind: "PeerAuthentication"
  name: default
  namespace: istio-system
    mode: STRICT

Does anyone know why ?

I had a wrong understanding of peer authentication before.
I grabbed the header upstream of the request, which contains “x-forward-client-cert”, indicating that TLS province is effective

So I think this issue is resolved, correct?

Yes, it has been solved. In addition, through several other tests, peer authentication has been proved to work

Good to know. Thanks.

Yes, istio 1.5,1 peer authentication works.
But still do not understand what is the real difference between the global authentication policy v1beta1 peerauthentication or v1alpha1 meshpolicy.

with peerauthentication (default in istio-system namespace)
when I analyze the pods via istioctl x describe for sample:

istioctl x describe pod

Pod Ports: 80 (httpbin), 15090 (istio-proxy)
Port: http 8000/HTTP targets pod port 80
Pod is DISABLE, clients configured automatically

Why the state is DISABLE ? With the meshpolicy was NOT.

what is the istioctl authn tls-check . output? has

seem like istio 1.6.0 fix above and
istioctl authn tls-check is also removed in istio v1.6.0

Yes, the old format is deprecated, the new one in istio 1.6 looks like

$ istioctl x authz check productpage-v1-7f44c4d57c-4gkml.default
Checked 12/29 listeners with node IP
LISTENER[FilterChain] CERTIFICATE mTLS (MODE) AuthZ (RULES)[0] none no (none) no (none)[1] none no (none) no (none)[0] none no (none) no (none)[1] none no (none) no (none)[0] none no (none) no (none)[1] none no (none) no (none)[0] none no (none) no (none)[1] none no (none) no (none)[0] none no (none) no (none)[1] none no (none) no (none)[0] none no (none) no (none)[1] none no (none) no (none)