Starlink uses some unconventional configuration between their WAP, the dish, and the app to monitor the satellite connections. That monitoring communication is fixed to address 192.168.100.1, which Starlink expects to exist on the same L2 network as their CG-NAT range (i.e., not routed - same broadcast domain). I had to pull out an old Ethernet switch to make it work with my SRX 550. I used two interfaces on the SRX (one for each network) and brought them together on the little dumb switch.
...then to make it work, I configured one of the SRX interfaces with an address of 192.168.100.10/24 and added that interface to my starlink-untrust zone and my starlink-router virtual router. That was sufficient such that the app on my phone connected to my existing WAP (which routes through Starlink using the other SRX interface) can connect.
