recently one of the customers asked for pf9 URLs in order to whitelist them in the customer's firewall. Customers do expect to keep the whitelist URLs to minimum.
With that in mind I suggest that we keep pf9ctl on the management plane to reduce the number of URLs in whitelisting.
Minimizing customer firewall whitelisting is crucial. Keeping pf9ctl primarily on the management plane is a good strategy as it reduces the number of URLs customers need to manage. While direct node access might be needed for specific diagnostics, the standard toll-by-plate program operation should rely on the management plane. Ensure clear documentation of the essential URLs and any exceptions for advanced troubleshooting. This approach simplifies security and management for customers.
i am facing same issue