This document explains the conditions under which overlapping external subnets can be included in a security policy scope and the precedence rules governing their application.
Notes
The highest precedence security policy takes effect when multiple policies overlap.
Subnets not allocated to an existing policy can be assigned to another security policy under the same account.
Public IP addresses or subnets cannot overlap between organizations.
Notifications are generated when an attempt is made to add an already registered public IP address or subnet.
When defining the scope of a security policy for an external network protected by a DNS firewall, it is permissible to include overlapping subnets that contain IP addresses, hosts, or subnets already defined in other security policies within the organization. The precedence of security policies determines which policy takes effect, ensuring that the policy with the highest precedence is applied to the respective IP addresses, hosts, or subnets. Additionally, subnets that are not assigned to any existing security policy within the organization can be added to a different security policy under the same account.
If a public IP address or subnet is mistakenly added to an organization's security policy and has already been registered by another organization, the system prevents its addition. In this case, the organization attempting to add the IP address or subnet receives a notification, as overlapping public IP addresses or subnets between organizations are not permitted.
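The precedence and cross-organization rules above, modelled as an added Python example (not the product's own code). The policy names, organization ids, the `effective_policy` and `add_to_scope` helpers, and the convention that a lower number means higher precedence are assumptions; the addresses are constructed documentation ranges standing in for public subnets.

```python
import ipaddress

# Constructed sample data. Assumption: a lower number means higher precedence.
POLICIES = [
    {"org": "org-a", "name": "branch-default", "precedence": 3,
     "scope": ["198.51.100.0/24"]},
    {"org": "org-a", "name": "kiosk-lockdown", "precedence": 1,
     "scope": ["198.51.100.64/26", "198.51.100.200/32"]},
    {"org": "org-a", "name": "guest-wifi", "precedence": 2,
     "scope": ["198.51.100.0/25"]},
]


def effective_policy(policies, org, address):
    """Name of the highest-precedence policy in `org` whose scope contains
    `address`, or None when no policy covers it."""
    ip = ipaddress.ip_address(address)
    matches = [
        p for p in policies
        if p["org"] == org
        and any(ip in ipaddress.ip_network(s) for s in p["scope"])
    ]
    if not matches:
        return None
    return min(matches, key=lambda p: p["precedence"])["name"]


def add_to_scope(policies, org, policy_name, subnet):
    """Add `subnet` to a policy scope. Overlap inside the organization is
    allowed; overlap with another organization is refused and a
    notification string is returned instead."""
    net = ipaddress.ip_network(subnet)
    for p in policies:
        if p["org"] == org:
            continue
        for s in p["scope"]:
            other = ipaddress.ip_network(s)
            # overlaps() raises on mixed IPv4/IPv6, so compare versions first.
            if net.version == other.version and net.overlaps(other):
                return (False, f"{subnet} is already registered by another organization")
    for p in policies:
        if p["org"] == org and p["name"] == policy_name:
            p["scope"].append(subnet)
            return (True, None)
    return (False, f"no policy named {policy_name} in {org}")
```

Resolving by precedence rather than by most specific prefix is the point to check when auditing scopes: a broad subnet in a high-precedence policy overrides a narrower subnet in a lower-precedence one.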
For more information on network scope, see Configuring Network Scopes.
...