Thank you for your fast response.
Actually, we have tested 50+ attacks. Juniper gave wonderful performance, especially for TCP attacks.
But for unknown protocols, ACK, small UDP floods, and spoofed UDP packets, the internet connection locks up.
We have checked nearly every case on the device:
syslogs
spc cpu
npc cpu
routing engine cpu
session counts (not a criterion, because ACK attacks and UDP floods from the same source do not create sessions)... etc.
And we tested multiple conditions,
blocking with:
policy
filter
ips
custom signature
packet size
ttl
... etc.
Nothing changes; if this type of attack goes over the screen, the SRX loses the internet connection.
And as far as we know, multiple NPCs cannot bind to one IOC; each NPC will bind to a separate IOC.
We decided that this is a pps issue.
So we plan to buy 2 more NPCs with 2 more 10G IOC cards and send load-balanced or LAG traffic, or we will buy 3 more SPCs to get the expected performance,
because we need to use firewall policies at more than 1.5M+ small pps.
But we cannot be sure whether this is really the problem or not.