diff --git a/internal/gatewayapi/backendtlspolicy.go b/internal/gatewayapi/backendtlspolicy.go
index d7e767e40a..123904c467 100644
--- a/internal/gatewayapi/backendtlspolicy.go
+++ b/internal/gatewayapi/backendtlspolicy.go
@@ -249,9 +249,9 @@ func getBackendTLSBundle(backendTLSPolicy *gwapiv1a3.BackendTLSPolicy, resources
 for _, san := range backendTLSPolicy.Spec.Validation.SubjectAltNames {
 var subjectAltName ir.SubjectAltName
 switch san.Type {
- case "DNS":
+ case gwapiv1a3.HostnameSubjectAltNameType:
 subjectAltName.Hostname = ptr.To(string(san.Hostname))
- case "URI":
+ case gwapiv1a3.URISubjectAltNameType:
 subjectAltName.URI = ptr.To(string(san.URI))
 default:
 continue // skip unknown types
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.in.yaml b/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.in.yaml
index 2b349c7783..041218582c 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.in.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.in.yaml
@@ -133,5 +133,5 @@ backendTLSPolicies:
 subjectAltNames:
 - type: URI
 uri: spiffe://cluster.local/ns/istio-demo/sa/echo-v1
- - type: DNS
+ - type: Hostname
 hostname: subdomain.secondexample.com
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.out.yaml
index b267ae3c78..0471bdf09f 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-subjectaltnames.out.yaml
@@ -21,7 +21,7 @@ backendTLSPolicies:
 - type: URI
 uri: spiffe://cluster.local/ns/istio-demo/sa/echo-v1
 - hostname: subdomain.secondexample.com
- type: DNS
+ type: Hostname
 status:
 ancestors:
 - ancestorRef:
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 42b8b0de7c..6a7c3024b5 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
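Review bot: The `default: continue // skip unknown types` branch left at the end of the SubjectAltNames switch in getBackendTLSBundle is what let the old `"DNS"` mismatch go unnoticed: an entry whose type matches no case is dropped with no error, log line or status condition, so the SAN list handed to the IR can silently differ from what the BackendTLSPolicy specifies. How upstream certificate validation behaves when entries (or all of them) are dropped is not visible here, but for a certificate-identity check a silent skip is the wrong failure mode. Now that the cases use the typed constants, consider failing closed in the default branch, e.g. `default: return nil, fmt.Errorf("unsupported subjectAltName type %q", san.Type)`, adjusted to the function's actual return values, which are outside the hunk. A fixture entry with an unrecognised `type` in the backendtlspolicy-subjectaltnames testdata would pin that behaviour. The function body starts and ends outside the hunk.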
@@ -27,6 +27,7 @@ bug fixes: | Fixed issue where WASM cache init failure caused routes with WASM-less EnvoyExtensionPolicies to have 500 direct responses. Fixed issue which UDP listeners were not created in the Envoy proxy config when Gateway was created. Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy. + Fixed issue that switch on wrong SubjectAltNameType enum value in BackendTLSPolicy. # Enhancements that improve performance. performance improvements: |