Temporal client to server via ISTIO MTLS and Auth

All - currently we have our client and server talking via MTLS (using the Temporal options for MTLS) - we have ISTIO sidecar proxies on both client and server, but we exclude the port 7133 that is used to communicate between client and frontend, and that is working fine.

We need to enable authorization - we are aware of the JWT-based Auth that Temporal supports. But we are wondering if there is anyone who was able to:

1 - Connect from client to server via ISTIO (not excluding the frontend port) - when we try to do that, we are getting an SSL error on the client side - io.grpc.StatusRuntimeException: UNAVAILABLE: Connection closed while performing TLS negotiation (note we don't get this if we bypass ISTIO and go to the Temporal server for MTLS)

2 - If anyone is connecting from client to server via ISTIO - are you able to use AuthPolicies of ISTIO to control which Temporal client can access frontend nodes?