I have a hard time finding any definitive information on what exact features work / exist in packet mode (set security forwarding-options family mpls mode packet-based).
Security policies / NAT are of course not working, but what about zones? Do they exist? What else is still there? Or better: what is NOT working with packet-based mode?
In packet mode, SRX processes the traffic as a traditional router on a per-packet basis. It supports only stateless firewall filter in this mode. Other firewall features like security zones, stateful firewall, NAT, IPSec, UTM services will not be supported in this mode.
Everything under the security stanza does not work in packet-mode:
security policies, NAT, IPsec VPN, zones, screens, ALGs and security features like IPS, UTM and Sky ATP.
I guess macsec would work. 😉 - but I know what you mean.