...terminate one or two of your sites to the Palo and evaluate it 
We just migrated to Palo firewalls and we switched our IPSec VPN architecture over also. We have Cisco routers at a dozen or so remote sites with static public IPs that terminate thier IPSec tunnels back to the Palos at HQ. Prior to switching our VPN over, I did a lot of lab testing with different IPSec VPN scenarios such as full mesh, hub/spoke, static VPN routes and found that I found that the Palos are very versatile and and seem to handle almost any design.
We use Cisco at the remote sites, but Juniper routers should work just as well...the SRX series for example, can do policy based or route based VPN. I used this guide for our set up...but for your Juniper routers you will just have to do some lab testing for the VPN termination architecture.
How to Configure Dynamic Routing over IPSec against Cisco routers:
https://live.paloaltonetworks.com/docs/DOC-2250
As for your stability comment about Juniper releases...I know what you mean. We use the Juniper SA Series and the software releases upset stuff very frequently.
The stability of your new design would be determined by how often you upgrade software on your remote Juniper routers and on the Palo. Because you will be working with the dedicated Palo hardware (vs your current VPN termination approach using the Juniper NSM), I don't expect core features (such as IPSec) on the Palo changing as much where it should cause stability issues with VPN tunnels.
