Hello,
It is a good idea to set TCP-MSS value for all the TCP traffic going through VPN which can avoid fragmentation.
set flow all-tcp-mss - applies MSS to all clear text traffic which includes traffic before encryption and after decryption.
set flow tcp-mss - applies to traffic that is getting encypted through VPN.
set flow vpn-tcp-mss - applies to traffic is getting encrpted or is decrypted as well. So it is bidirectional.
'set flow vpn-tcp-mss' could be a good choice which is a global parameter for all tunneled traffic.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB6346&smlogin=true&actp=search
Regards,
Rushi