Preprocessing must function before AppID to reorder and reassemble the fragments of each packet, in case the signature pattern is split over 2 fragments for example, and to avoid fragmentation anomalies.
The question here: why do I need preprocessing when TCP can already perform this function?
Without being 100% precise in the definitions I will give it a try :-)
For AppID to work, the firewall needs to take fragmented packets, keep them in-memory until the entire PDU is received, and reassemble them in-memory to figure out which App the packets relate to.
When doing normal L4 firewalling with NAT, the reassembly doesn't need to be done on the firewall/router. It just needs to decide if there is a matching session and if NAT rules need to be applied. Reassembly of fragmented packets is handled at the destination, where they are handed over to the higher layers in the OSI model.
A reference scheme for the Junos flow module can be seen below. It's in the services part that the preprocessing and reassembly happens.
-- Best regards,
Jonas Hauge Jensen Systems Engineer, SEC DATACOM A/S (Denmark)
If you do not have any L7 services enabled on the FW there will be no reassembly. Re-assembly is only needed if you need to do inspection. That is why pre-processing is necessary if you have App-ID or IDP enabled.
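
The point made in the replies above, as an added example that is not part of the original thread: a signature split over two fragments is missed when each fragment is inspected alone, and found once the fragments are buffered and reassembled. The signature, PDU bytes and function names are constructed for illustration and are not Junos code.

```python
"""Added illustration: why an L7 inspector must reassemble before matching."""

SIGNATURE = b"GET /index.html"  # constructed stand-in for an application signature


def match_per_fragment(fragments, signature=SIGNATURE):
    """Naive inspection: look for the signature inside each fragment alone."""
    return any(signature in payload for _offset, payload in fragments)


def reassemble(fragments, total_len):
    """Buffer fragments by offset until the whole PDU is present.

    Returns the PDU bytes, or None while bytes are still missing.
    Raises ValueError on overlapping fragments that disagree, one of the
    fragmentation anomalies a preprocessor has to catch.
    """
    buf = bytearray(total_len)
    seen = [False] * total_len
    for offset, payload in fragments:
        if offset < 0 or offset + len(payload) > total_len:
            raise ValueError("fragment outside PDU bounds")
        for i, byte in enumerate(payload, start=offset):
            if seen[i] and buf[i] != byte:
                raise ValueError("conflicting overlap at byte %d" % i)
            buf[i] = byte
            seen[i] = True
    return bytes(buf) if all(seen) else None


def match_after_reassembly(fragments, total_len, signature=SIGNATURE):
    """Inspection as an L7 engine needs it: reassemble first, then match."""
    pdu = reassemble(fragments, total_len)
    return pdu is not None and signature in pdu


# Constructed sample: one 24-byte PDU split in two, arriving out of order.
PDU = b"GET /index.html HTTP/1.1"
FRAGMENTS = [(8, PDU[8:]), (0, PDU[:8])]

if __name__ == "__main__":
    print("per-fragment match:", match_per_fragment(FRAGMENTS))
    print("after reassembly: ", match_after_reassembly(FRAGMENTS, len(PDU)))
```

An L4-only device has no reason to run the reassembly step at all, which is why the buffering cost only appears once an inspection service is enabled.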