Yes, the Palo Alto gateway is correct and the external interface also has the correct IP.
The only notable difference here was that this Palo Alto is a Virtual device in AWS so that means the Untrust interface of the Palo Alto sits behind a NAT.
However, we checked this with a physical Palo Alto and the same error occurs.
All the trial and testing we did points to some issue on the Juniper but just not able to catch what it could be.