Preprocessing must function before AppID to reorder and reassemble the fragments of each packet, in case the signature pattern is split over 2 fragments for example, and to avoid fragmentation anomalies ....
The question here: why do I need preprocessing when TCP can already perform this function?
Without being 100% precise in the definitions I will give it a try 🙂
For AppID to work, the firewall needs to take fragmented packets, keep them in memory until the entire PDU is received, and reassemble them in memory to figure out which App the packets relate to.
When doing normal L4 firewalling with NAT, the reassembly doesn't need to be done on the firewall/router. It just needs to decide if there is a matching session and if NAT rules need to be applied. Reassembly of fragmented packets is handled at the destination, where they are handed over to the higher layers in the OSI model.
A reference scheme for the Junos flow module can be seen below. It's in the services part that the preprocessing and reassembly happens.
If you do not have any L7 services enabled on the FW there will be no reassembly. Re-assembly is only needed if you need to do inspection. That is why pre-processing is necessary if you have App-ID or IDP enabled.
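To make the point of this thread concrete, here is an added example (not part of the original posts, and not Junos code) of an inspection engine that only sees a signature once it has buffered, reordered and reassembled the fragments. The signature string, the `(offset, more_fragments, payload)` tuple layout and all function names are assumptions made for the illustration.

```python
# Added illustration; SIGNATURE and the fragment tuples are constructed sample data.
SIGNATURE = b"EXAMPLE-APP/1.0"   # hypothetical application signature

class FragmentAnomaly(Exception):
    """Overlapping fragments that disagree about the same bytes."""

def reassemble(fragments):
    """Rebuild a PDU from (offset, more_fragments, payload) tuples.

    Returns the PDU bytes, or None while fragments are still missing.
    """
    buf, total = {}, None
    for offset, more, payload in fragments:
        for i, byte in enumerate(payload):
            pos = offset + i
            if buf.setdefault(pos, byte) != byte:
                raise FragmentAnomaly(f"conflicting data at offset {pos}")
        if not more:                      # last fragment fixes the PDU length
            total = offset + len(payload)
    if total is None or any(p not in buf for p in range(total)):
        return None                       # keep buffering: hole or no last fragment
    return bytes(buf[p] for p in range(total))

def match_per_fragment(fragments, signature=SIGNATURE):
    """What a stateless, packet-at-a-time matcher would see."""
    return any(signature in payload for _, _, payload in fragments)

def match_reassembled(fragments, signature=SIGNATURE):
    """Match only once the whole PDU is in memory."""
    pdu = reassemble(fragments)
    return pdu is not None and signature in pdu

# Constructed sample: the signature straddles two fragments, arriving out of order.
PDU = b"HELLO " + SIGNATURE + b" payload-bytes"
FRAGS = [(10, False, PDU[10:]), (0, True, PDU[:10])]

if __name__ == "__main__":
    print("per-fragment match:", match_per_fragment(FRAGS))
    print("reassembled match: ", match_reassembled(FRAGS))
```

The L4 path described above corresponds to never calling `reassemble` at all, while the services path has to hold fragments until it returns something other than `None`.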