I am really having trouble getting our SRXes to log sessions that are not in the state table and get dropped because of that.
For example, if you reboot the firewall and some old NFS implementation keeps sending traffic through the same session, once the SRX comes back it drops those packets because it didn't see a three-way handshake. However, it doesn't log those drops. Yes, logging on the cleanup rule is enabled.
Best Answer
Packets should be classified regardless of the TCP handshake being watched or not. If there isn't a session defined for that flow (fast path) a new one should be created (first path).
Do you have any screen configured? Maybe it's the screen that's dropping the traffic.
More details on Troubleshooting Traffic Flows and Session Establishment
Maybe you can configure a log file with traceoptions:
Beware of these traces, since they can cause high CPU load on the SRX if it's carrying a lot of traffic. Limit the filter as much as possible and run it during a maintenance window.
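As an added example (not part of the answer above), here is what a narrowly scoped flow trace for the NFS case looks like on an SRX, together with the screen and session checks the answer suggests doing first. The NFS client address 10.0.0.5, server address 10.0.1.20, the zone name `untrust`, and the file and packet-filter names are placeholders chosen for illustration, not values from the thread.

```junos
# Added example; addresses, zone and filter names are assumptions, not from the thread.

# --- operational mode ---
# 1. Check whether a screen on the ingress zone is counting the drops.
show security screen statistics zone untrust

# 2. Confirm that no session exists for the flow being dropped
#    (an old NFS session that survived the reboot on the client side).
show security flow session source-prefix 10.0.0.5/32 destination-prefix 10.0.1.20/32 destination-port 2049

# --- configuration mode ---
# 3. Enable a flow trace limited to the one client/server pair and NFS port 2049
#    so the CPU cost stays small. Both directions get their own packet filter.
set security flow traceoptions file flow-trace size 10m files 3
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter nfs-to-server source-prefix 10.0.0.5/32 destination-prefix 10.0.1.20/32 destination-port 2049 protocol tcp
set security flow traceoptions packet-filter nfs-from-server source-prefix 10.0.1.20/32 destination-prefix 10.0.0.5/32 source-port 2049 protocol tcp
commit

# --- operational mode ---
# 4. Reproduce the problem, then read the trace. Each traced packet shows which
#    stage (first path, session lookup, screen, policy) handled or dropped it.
show log flow-trace

# --- configuration mode ---
# 5. Turn the trace off as soon as the capture is done.
deactivate security flow traceoptions
commit
```

The packet filters are what keep this safe to run on a busy box: without them `basic-datapath` traces every packet the flow module sees. Deactivating rather than deleting the stanza keeps the filter ready for the next maintenance window.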