Friday, February 27, 2009

Juniper Packet Processing

Order of enforcement:
1. Existing session? If yes, perform a route lookup and send the packet to the upstream MAC address of the route entry. The route lookup is done on 5.x because routes may change.
2. Is TCP-SYN-Check enabled? If yes, all out-of-state packets are dropped.
3. Is there a route to the destination? If not, drop the packet. If yes, perform the route lookup.
4. Perform a policy search from the ingress interface zone to the egress zone. Policy match? If no, drop the packet. If yes, go to step 5.
5. Does the policy or interface have NAT configured? If so, perform the translation.
6. Create a session ID.
7. If no MAC entry exists for the gateway's IP address, an ARP request is sent out the destination interface. If an ARP entry exists, the packet is sent out the egress interface.
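
The order matters when reading drop logs: the same packet can be dropped at different steps depending on device state. The following Python model of steps 1-7 is an added example, not code from the original post or from Juniper; the zone names, addresses, policy table and function names are constructed for illustration, and a matching policy is assumed to be a permit.

```python
import ipaddress

# Simplified model of the seven steps; all state and values below are constructed.
def route_for(routes, dst):
    """Longest-prefix match; returns (egress_zone, gateway) or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, zone, gw) for net, zone, gw in routes if ip in net]
    return max(hits)[1:] if hits else None

def process_packet(fw, pkt):
    """Walk one packet through steps 1-7; returns (verdict, reason)."""
    key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
    route = route_for(fw["routes"], pkt["dst"])
    if key in fw["sessions"]:                      # step 1: fast path, route lookup only
        return ("forward", "existing session") if route else ("drop", "no route")
    if fw["tcp_syn_check"] and pkt["proto"] == "tcp" and pkt["flags"] != "S":
        return ("drop", "tcp-syn-check")           # step 2: no session and not a SYN
    if route is None:                              # step 3: no route to destination
        return ("drop", "no route")
    egress_zone, gateway = route
    policy = fw["policies"].get((pkt["zone"], egress_zone, pkt["dport"]))
    if policy is None:                             # step 4: no matching policy
        return ("drop", "no policy")
    src = policy.get("nat_src") or pkt["src"]      # step 5: translate if NAT is configured
    fw["sessions"][key] = {"id": len(fw["sessions"]) + 1, "src_after_nat": src}  # step 6
    if gateway not in fw["arp"]:                   # step 7: resolve the gateway MAC first
        return ("arp-request", "new session")
    return ("forward", "new session")

def sample_fw(tcp_syn_check=True):
    """Constructed device state (documentation addresses, hypothetical policy)."""
    net = ipaddress.ip_network
    return {"tcp_syn_check": tcp_syn_check, "sessions": {}, "arp": {"203.0.113.1"},
            "routes": [(net("0.0.0.0/0"), "untrust", "203.0.113.1"),
                       (net("10.0.0.0/8"), "trust", "10.0.0.1")],
            "policies": {("trust", "untrust", 443): {"nat_src": "203.0.113.10"}}}

def packet(flags, dport=443, dst="198.51.100.7"):
    """Constructed TCP packet entering from the trust zone."""
    return {"zone": "trust", "src": "10.1.1.5", "sport": 40000, "dst": dst,
            "dport": dport, "proto": "tcp", "flags": flags}

if __name__ == "__main__":
    fw = sample_fw()
    for p in (packet("A"), packet("S"), packet("A"), packet("S", dport=23)):
        print(p["flags"], p["dport"], process_packet(fw, p))
```

In this model the same ACK is dropped at step 2 before a session exists and forwarded at step 1 afterwards; with `tcp_syn_check=False` that first ACK instead falls through to the route and policy checks.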
