Clarify traffic restriction instructions for ingress gateway

Corrected phrasing for clarity regarding traffic restrictions to subnets.

Author: przlplx

support/azure/azure-kubernetes/extensions/istio-add-on-ingress-gateway.md

@@ -29,7 +29,7 @@ The add-on deploys Istio ingress gateway pods and deployments per revision. If y
 
 Verify that you don't have firewall or [Network Security Group (NSG) rules](/azure/virtual-network/network-security-groups-overview) that block traffic to the ingress gateway. You have to explicitly add a Destination Network Address Translation (DNAT) rule to [allow inbound traffic](/azure/aks/limit-egress-traffic#allow-inbound-traffic-through-azure-firewall) through Azure Firewall to the ingress gateway.
 
-Double check whether you have set restrictions to allow traffic only to the subnets of your user node pools. If the ingress gateway pods are scheduled onto [system node pools](/azure/aks/use-system-pools?tabs=azure-cli), incoming traffic to these pods could be blocked. You can address this issue by allowing traffic to the subnets of your system node pools.
+Double check whether you set restrictions to allow traffic only to the subnets of your user node pools. If the ingress gateway pods are scheduled onto [system node pools](/azure/aks/use-system-pools?tabs=azure-cli), incoming traffic to these pods could be blocked. You can address this issue by allowing traffic to the subnets of your system node pools.
 
 ### Step 2: Configure gateways, virtual services, and destination rules correctly