diff --git a/releases/istio/istio.yaml b/releases/istio/istio.yaml
index 94686da46fccab14a413806533db7d0a762b22fc..8145baa68347c640eaca93331494d17b6d30bec2 100644
--- a/releases/istio/istio.yaml
+++ b/releases/istio/istio.yaml
@@ -9,9 +9,10 @@ spec:
   chart:
     repository: https://nynjagroup.jfrog.io/nynjagroup/helm/
     name: istio
-    version: 1.0.1
+    version: 1.1.8
   values:
     global:
+      disablePolicyChecks: false
       defaultResources:
         requests:
           cpu: 50m
@@ -27,7 +28,17 @@ spec:
       istio-ingressgateway:
         loadBalancerIP: "35.247.126.232"
         ports:
-          ## You can add custom gateway ports
+        - port: 8443
+          targetPort: 8443
+          name: tcp-tls
+          nodePort: 31542
+        ## You can add custom gateway ports
+        # Note that AWS ELB will by default perform health checks on the first port
+        # on this list. Setting this to the health check port will ensure that health
+        # checks always work. https://github.com/istio/istio/issues/12503
+        - port: 15020
+          targetPort: 15020
+          name: status-port
         - port: 80
           targetPort: 80
           name: http2
@@ -35,30 +46,28 @@ spec:
         - port: 443
           name: https
           nodePort: 31390
-        - port: 8443
-          targetPort: 8443
-          name: tcp-tls
-          nodePort: 31542
+        # Example of a port to add. Remove if not needed
         - port: 31400
           name: tcp
           nodePort: 31400
-        # Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect
-        # to pilot/citadel if global.meshExpansion settings are enabled.
-        - port: 15011
-          targetPort: 15011
-          name: tcp-pilot-grpc-tls
-        - port: 8060
-          targetPort: 8060
-          name: tcp-citadel-grpc-tls
-        - port: 853
-          targetPort: 853
-          name: tcp-dns-tls
+        ### PORTS FOR UI/metrics #####
+        ## Disable if not needed
+        - port: 15029
+          targetPort: 15029
+          name: https-kiali
         - port: 15030
           targetPort: 15030
-          name: http2-prometheus
+          name: https-prometheus
         - port: 15031
           targetPort: 15031
-          name: http2-grafana
+          name: https-grafana
+        - port: 15032
+          targetPort: 15032
+          name: https-tracing
+        # This is the port where sni routing happens
+        - port: 15443
+          targetPort: 15443
+          name: tls
 
       internal-gateway:
         enabled: true
@@ -82,7 +91,7 @@ spec:
         cpu:
           targetAverageUtilization: 80
         serviceAnnotations: {}
-        type: LoadBalancer
+        type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
 
         ports:
         - port: 443
@@ -94,4 +103,4 @@ spec:
           mountPath: /etc/istio/ingressgateway-certs
         - name: ingressgateway-ca-certs
           secretName: istio-ingressgateway-ca-certs
-          mountPath: /etc/istio/ingressgateway-ca-certs
+          mountPath: /etc/istio/ingressgateway-ca-certs
\ No newline at end of file