Having some issues with an SRX dropping return traffic because it thinks it is a new flow that doesn't belong to any existing session, and it says "packet dropped, first pak not syn".
The security flow trace appears to have matching flow data, but the return traffic gets dropped.
The SRX is trying to connect to a remote secondary identity management server across an IPsec tunnel that is terminated on the SRX itself. This connection to the identity management server is sourced from a revenue port. This same issue occurs with an SRX trying to download threat intel feeds from a Policy Enforcer server across the same IPsec tunnel. Any traffic sourced from inside the firewall on the same subnet works; it is only traffic sourced from the SRX itself.
I have included the output of the security flow trace debug basic-datapath as an attachment.
Return dropped

Jun 25 13:57:43 13:57:43.722769:CID-0:RT: ge-0/0/2.0:10.254.255.130/9443->10.254.254.254/59093, tcp, flag 12 syn ack
Jun 25 13:57:43 13:57:43.722834:CID-0:RT: find flow: table 0x4ec03d8, hash 5292(0xffff), sa 10.254.255.130, da 10.254.254.254, sp 9443, dp 59093, proto 6, tok 7, conn-tag 0x00000000
Jun 25 13:57:43 13:57:43.722848:CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Jun 25 13:57:43 13:57:43.722848:CID-0:RT: packet dropped, first pak not syn
Jun 25 13:57:43 13:57:43.722848:CID-0:RT:flow_initiate_first_path: first pak no session
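Added example, not part of the original post and not a Juniper tool: a small Python parser for basic-datapath flow trace output of the shape quoted above. It groups each packet header line with the trace messages that follow it, decodes the hex TCP flag field (0x12 = SYN+ACK), and pulls out exactly the symptom in this thread, a SYN/ACK that hit "no session found" and was dropped with "first pak not syn", printing the forward five-tuple the SRX would have needed a session for. The SYN/ACK record is the one from the post; the preceding outbound SYN record (interface ge-0/0/1.0, host 10.254.254.20, port 41000) is constructed to show a normal first-path packet that is not flagged. The line formats are assumed from the quoted output only.

```python
import re
from dataclasses import dataclass, field

# Timestamp prefix on every basic-datapath trace line, e.g.
# "Jun 25 13:57:43 13:57:43.722769:CID-0:RT:" (format taken from the lines quoted above).
PREFIX_RE = re.compile(
    r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+\d\d:\d\d:\d\d\.\d+:CID-\d+:RT:\s*")

# Packet header line: "<ifl>:<sa>/<sp>-><da>/<dp>, <proto>, flag <hex> <flag names>"
PACKET_RE = re.compile(
    r"^(?P<ifl>[\w./-]+):(?P<sa>[\d.]+)/(?P<sp>\d+)->(?P<da>[\d.]+)/(?P<dp>\d+),\s*"
    r"(?P<proto>\w+),\s*flag\s+(?P<flags>[0-9a-fA-F]+)")

TCP_SYN = 0x02
TCP_ACK = 0x10

# Constructed sample: first record is an invented outbound SYN, second is the
# dropped SYN/ACK exactly as quoted in the post above.
SAMPLE_TRACE = """Return dropped
Jun 25 13:57:43 13:57:43.700000:CID-0:RT: ge-0/0/1.0:10.254.254.20/41000->10.254.255.130/9443, tcp, flag 2 syn
Jun 25 13:57:43 13:57:43.700010:CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Jun 25 13:57:43 13:57:43.722769:CID-0:RT: ge-0/0/2.0:10.254.255.130/9443->10.254.254.254/59093, tcp, flag 12 syn ack
Jun 25 13:57:43 13:57:43.722834:CID-0:RT: find flow: table 0x4ec03d8, hash 5292(0xffff), sa 10.254.255.130, da 10.254.254.254, sp 9443, dp 59093, proto 6, tok 7, conn-tag 0x00000000
Jun 25 13:57:43 13:57:43.722848:CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Jun 25 13:57:43 13:57:43.722848:CID-0:RT: packet dropped, first pak not syn
Jun 25 13:57:43 13:57:43.722848:CID-0:RT:flow_initiate_first_path: first pak no session
"""


@dataclass
class PacketEvent:
    """One packet's trace record: the header line plus the messages that follow it."""
    ifl: str
    sa: str
    sp: int
    da: str
    dp: int
    proto: str
    flags: int
    messages: list = field(default_factory=list)

    @property
    def is_syn(self) -> bool:
        return bool(self.flags & TCP_SYN)

    @property
    def is_syn_ack(self) -> bool:
        return self.flags & (TCP_SYN | TCP_ACK) == (TCP_SYN | TCP_ACK)

    @property
    def no_session(self) -> bool:
        return any("no session found" in m for m in self.messages)

    @property
    def dropped_first_pak_not_syn(self) -> bool:
        return any("first pak not syn" in m for m in self.messages)

    def forward_tuple(self) -> tuple:
        """Five-tuple of the session the SRX would have had to match for this packet to pass."""
        return (self.da, self.dp, self.sa, self.sp, self.proto)


def parse_trace(text: str) -> list:
    """Group trace lines into PacketEvent records; lines without a timestamp prefix are labels and skipped."""
    events = []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        body = raw[m.end():]
        pm = PACKET_RE.match(body)
        if pm:
            events.append(PacketEvent(
                ifl=pm["ifl"], sa=pm["sa"], sp=int(pm["sp"]),
                da=pm["da"], dp=int(pm["dp"]), proto=pm["proto"],
                flags=int(pm["flags"], 16)))   # SRX prints the TCP flag byte in hex
        elif events:
            events[-1].messages.append(body)
    return events


def find_orphan_returns(events) -> list:
    """SYN/ACKs refused because no forward session existed: the symptom in this thread."""
    return [e for e in events
            if e.proto == "tcp" and e.is_syn_ack and e.no_session and e.dropped_first_pak_not_syn]


def describe(e: PacketEvent) -> str:
    fwd = e.forward_tuple()
    return (f"{e.ifl}: SYN/ACK {e.sa}:{e.sp} -> {e.da}:{e.dp} dropped; "
            f"no session for {fwd[0]}:{fwd[1]} -> {fwd[2]}:{fwd[3]}/{fwd[4]}")


if __name__ == "__main__":
    for ev in find_orphan_returns(parse_trace(SAMPLE_TRACE)):
        print(describe(ev))
```

Run it against the full attachment instead of SAMPLE_TRACE to list every return packet that missed a session, then compare the printed forward tuple against the SRX's own session table (show security flow session) to see whether a session for the self-originated connection was ever installed.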