Hello MWDaly,
It's an interesting diagram. It appears that your Private network sits inside the customer network with limited access to the outside world.
In your configuration, there is no static NAT or destination NAT. Also, Source interface NAT is being used.
That means all the traffic from zone 1 to the Internet is being NAT-ed to only 1 IP, i.e. the one on the ge-0/0/0 interface.
Therefore, I believe generally there is no traffic initiated from outside to reach this PC.
Also, from your replies, I see that you are looking for a solution which does NOT involve talking to customer IT admins 🙂.
I think a proper solution will be #3 in my previous update.
But if you want, you can also try to see if "persistent-nat" may have a solution. It is different from the already configured "address-persistent", which IMHO is not needed in your setup.
Persistent NAT allows the firewall to maintain the IP/PORT mapping up to a configurable time-interval even after the initial session expires. This is NOT a true destination NAT and will need your PC to initiate a session once before the customer's domain can send updates to the PC.
Take a look at it:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB20711&act=login
Be cautious while testing it as it may have some impact on the network which I can't predict without knowing the details of your network.
Thanks!
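
The binding behaviour described in the reply above, as an added example that is not part of the original post and is not Junos code: a simplified Python model of a persistent NAT table, showing that inbound traffic is forwarded only after the inside PC has initiated a session and only until the inactivity timeout runs out. The addresses, port numbers and the 300-second timeout are constructed, and the `target-host` / `any-remote-host` permit modes are modelled only as a remote-IP check.

```python
from dataclasses import dataclass, field

@dataclass
class Binding:
    internal: tuple                               # inside host (ip, port)
    contacted: set = field(default_factory=set)   # remote IPs the inside host reached
    last_used: float = 0.0                        # time of last matching traffic

class PersistentNat:
    """Simplified model: session end is approximated by the last packet time."""
    def __init__(self, inactivity_timeout, permit="target-host"):
        self.timeout, self.permit = inactivity_timeout, permit
        self.bindings = {}                        # external port -> Binding
        self.next_port = 40000                    # constructed port pool start

    def outbound(self, internal, remote_ip, now):
        """Inside host initiates: reuse its live binding or create one."""
        for port, b in self.bindings.items():
            if b.internal == internal and now - b.last_used <= self.timeout:
                break
        else:
            port, b = self.next_port, Binding(internal)
            self.next_port += 1
            self.bindings[port] = b
        b.contacted.add(remote_ip)
        b.last_used = now
        return port

    def inbound(self, ext_port, remote_ip, now):
        """Return the inside (ip, port) to forward to, or None if dropped."""
        b = self.bindings.get(ext_port)
        if b is None:
            return None                           # nothing initiated from inside
        if now - b.last_used > self.timeout:
            del self.bindings[ext_port]           # binding aged out
            return None
        if self.permit == "target-host" and remote_ip not in b.contacted:
            return None                           # stranger, not a contacted host
        b.last_used = now
        return b.internal

def demo():
    nat = PersistentNat(inactivity_timeout=300)
    pc, server = ("192.168.1.10", 5000), "203.0.113.5"   # constructed addresses
    out = [nat.inbound(40000, server, now=0)]            # before the PC initiates
    port = nat.outbound(pc, server, now=10)
    out.append(nat.inbound(port, server, now=200))       # inside the timeout
    out.append(nat.inbound(port, "198.51.100.9", now=210))  # uncontacted host
    out.append(nat.inbound(port, server, now=900))       # after the timeout
    return out
```

With the permit mode switched to `any-remote-host`, the third case is forwarded as well, which is the wider exposure to weigh before testing on a live network.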