Juniper SRX Traffic Processing

Some pointers to documentation in juniper.net that describe the traffic processing in Juniper SRX platform:

• Juniper Networks Devices Processing Overview (Junos 12.1X47)
• Flow-Based Processing Feature Guide for Security Devices (Junos 12.1X47)
• SRX Getting Started — Troubleshooting Traffic Flows and Session Establishment (KB16110)

Short version of the processing order:

1. Per packet policer
2. Per packet filter
3. For new sessions:
   1. Screens
   2. Static NAT
   3. Destination NAT (if no match for Static NAT)
   4. Route and forwarding lookup
   5. Zone lookup
   6. Policy lookup
   7. Reverse Static NAT
   8. Source NAT (if no match for Reverse Static NAT)
   9. Services ALG
   10. Session setup
4. Fast path processing:
   1. Screens
   2. TCP
   3. NAT
   4. Services ALG
5. Per packet filter
6. Per packet shaper