Thanks muppet for letting me know about wireshark! My problem suddenly stopped so I didn't try it on that comupter, but on mine
Anyway, after some 10 days of (Juniper) working nothing bad happened. Then I made restart, and at the moment it has worked for 9 days and there were never more than 200 sessions in that time, usually around 100. I can't understand. The only thing I did on that one computer I mentioned above was that I manually ran the Spybot Search & Destroy which was scheduled to run in Fridays, and it found nothing to remove except one thing: with group policy or what there were some notifications about security problems just removed - nothing special. And I remind that it has been before that outgoing traffic slowed down more than once a week, not just after Fridays, when Spybot perhaps couldn't automatically download new definitions and hanged somehow.
At the moment in Saturdays night it has ran for 9 days 9 hours and it has only 16 sessions.
But... Yesterday I replaced a Zyxel Zywall 5 with Juniper SSG5 in another company and things were worse! Within hours the session table was so full that outgoing traffic just didn't exist anymore. When I pinged some public IP from inner network I didn't get anything, but when I pinged from SSG5, it pinged with 100% success.
I made the session analyze with Tim's good tool and it also turned out that more than 99% was UDP and there were 6 machines where from the traffic came from. Disabling Trust->Untrust default traffic for some seconds made everything clear, and then the number of sessions started going up pretty fast again (about 10 sessions per 1 second) and then slowed down a bit. After hours (half an hour ago) I made "session clear src-ip <ip>" for all the "best" six machines (when SSG5 had 1700 sessions and the best of them 461!) and it looks like it is going to start again, but not that fast.
I searched about Skype and Juniper but didn't find nothing special. Only that there was exactly the same case somewhere in a hotel when a client opened his computer with Skype windows open and immediately his MAC was blocked by hotels firewall because that Skype UDP traffic looked like an attack from inside.
Could it be that Skype as an example of P2P program, takes down Juniper SSG5? Because when Skype keeps running, whoever else can use this company's internet resource to redirect Skype traffic (by pinching holes into firewall as it does)?