Setting up Juniper Filter Based Forwarding (PBR) with Websense Content Gateway


So I had a requirement to setup Filter Based Forwarding with my Juniper SRX and a Websense Content Gateway so I wanted to document here for those out there that may need it. This is a minimal config can be tailored based on your needs. The descriptions for each section are above the commands. Please let me know if you have any questions. For this examples the following hardware/software setup that was used is:

  • Juniper vSRX Firefly, JunOS 12.1X46-D10.2, 2GB RAM
  • Websense Content Gateway, v7.8.4 running on CentOS 6.4 Kernel 2.6.32-431

Create the prefix-list for traffic you don’t want redirected (If your Appliance is on the same interface as clients redirected place the C and P1 here as well):

Create the prefix-list for traffic you do want redirected for your client:

Setup the redirection filter for the clients to be redirected and bypassed:

Set the routing instance for the proxy address of of the proxy at

Setup the RIB group to merge the routing instances:

Enable the filter on the LAN interface in this case ge-0/0/1.0:

Once it is setup you should be able to have filtering as normal :)


I will be creating a troubleshooting guide soon as well so stay tuned!!!


Welcome to, recently I started my Juniper journey coming from a Cisco background, and let me tell you its a whole new experience. I wanted a place to document my trial and tribulations along this journey and to also possible help someone else one day. I hope you enjoy it and please let me know what you think.