Docs show to create a firewall filter for sampling, i.e.:
firewall {
family inet filter catch_all term default then {
sample; accept; }}
I have enabled sampling directly on the interface without using a firewall
filter. Everything works fine.
ge-3/1/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
address 10.100.20.3/30;
}
}
}
Do you really need this firewall filter? What is the difference of just
enabling sample on the interface?
/b
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
