Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

forward-header-lookup

Syntax

Hierarchy Level

Description

Identify user IP addresses behind proxies to improve user tracking for security policies. When an XFF header is present, the device uses the client IP from that header as the source identity. When no header is present, the device uses the source IP address.

Options

trusted-proxy

Configure to allow header-lookup only for sessions from specified IPs. If an untrusted IP exists in the proxy chain, the session's source-identity becomes UNKNOWN.

verify-proxy-chain

Validates every proxy for a session to ensure trust, even when multiple proxies exist between the client and the firewall.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 25.4R1.