You do not need an inbound policy for this. Policy is written in the flow direction of the host that initiates the session. So your policy now is correct. The next thing to verify there is that the policies from zone 20 to untrust are in an appropriate order and move them if needed.
If this is the only policy then we need to get more information. The instructions here can pull a file showing how the SRX is handling the session packets.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110