PeerAuthentication can't work!

In istio 1.5.0, I configure the global authentication policy “peerauthentication” or “meshpolicy” according to the document. in “destinationrule” does not configure the MTLs, but the services still work normally. According to the chapter documents, the services should not be accessible!

apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT

Does anyone know why ?

I had a wrong understanding of peer authentication before.
I grabbed the header upstream of the request, which contains “x-forward-client-cert”, indicating that TLS province is effective

So I think this issue is resolved, correct?

Yes, it has been solved. In addition, through several other tests, peer authentication has been proved to work

Good to know. Thanks.