Greetings, all!

We are trying to abondon a Cisco Catalyst 6506 running CatOS and move to a Juniper EX4500/4200 VC stack.  One of the last pieces of the puzzle is to move a pair of ports that are spanned on the 6506 for Websense web monitoring/filtering to an EX4200, but we are having a bit of difficulty setting up the port mirror.

Cisco 6506 CatOS config:

set span [source interface] [dest interface] both session 1 inpkts enable learning enable multicast enable

Here is the Juniper config I tried this weekend from this document http://www.juniper.net/techpubs/en_US/junos10.1/topics/example/port-mirroring-local-ex-series.html:

# show ethernet-switching-options
analyzer SPAN {
    input {
        ingress {
            interface [source interface];
        }
    }
    output {
        interface {
            [dest interface];
        }
    }
}

When the above config was applied to the Juniper VC stack, Websense was not picking up any traffic as being monitored and was not blocking any websites.

Couple of questions:

1. Am I using an analyzer correctly, or should I be looking more into a firewall policy?  (Am I barking up the wrong tree?  This is my first foray into Juniper.)
2. From what I understand, Websense needs bidirectional traffic capability to block access to certain categorized websites, etc.  Is the EX4200 capable of this?  We also have MX80's for routing.  Should I be looking to port mirror on that chassis instead?

Thanks!