When you define the scope of a security policy for an external network protected by a DNS firewall, you can include subnets that overlap with IP addresses, hosts, or subnets already defined in other security policies within the organization. In that case, security policy precedence determines which policy applies: the policy with the highest precedence is applied to the overlapping IP addresses, hosts, or subnets. Subnets that have not been allocated to any existing security policy within the organization can also be added to a different security policy under the same account.
If a public IP address or subnet is added to an organization's security policy by mistake and it has already been registered by another organization, the system prevents the addition. The organization attempting to add the IP address or subnet receives a notification, because overlapping public IP addresses or subnets between organizations are not permitted.
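The two rules above (precedence inside one organization, rejection across organizations), modeled as an added example that is not the product's code or API. It assumes precedence is expressed as list order with the first policy highest; the policy names, organization names, and documentation-range subnets standing in for public addresses are constructed.

```python
import ipaddress

# Constructed sample data, not values from the product.
# Assumption: list order encodes precedence, first entry = highest.
ORG_A_POLICIES = [
    ("branch-strict", ["198.51.100.0/28"]),
    ("corp-default", ["198.51.100.0/24", "203.0.113.0/25"]),
]
# Scopes already registered by other organizations (constructed).
OTHER_ORG_SCOPES = {"org-b": ["192.0.2.0/24"]}


def _net(value):
    # Accept a host IP or a subnet; a host becomes a /32 (or /128) network.
    return ipaddress.ip_network(value, strict=False)


def effective_policy(ip, policies):
    """Return the highest-precedence policy whose scope contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, subnets in policies:  # iterate in precedence order
        if any(addr in _net(s) for s in subnets):
            return name
    return None


def validate_scope_entry(org, entry, own_policies, other_org_scopes):
    """Classify a proposed scope entry for `org`.

    ("rejected", other_org): overlaps another organization's scope.
    ("overlap", [policies]): overlaps own policies; allowed, precedence decides.
    ("ok", []): no overlap anywhere.
    """
    new = _net(entry)
    for other, subnets in other_org_scopes.items():
        if other != org and any(new.overlaps(_net(s)) for s in subnets):
            return ("rejected", other)
    hits = [name for name, subnets in own_policies
            if any(new.overlaps(_net(s)) for s in subnets)]
    return ("overlap", hits) if hits else ("ok", [])


if __name__ == "__main__":
    for ip in ("198.51.100.5", "198.51.100.77", "203.0.113.200"):
        print(ip, "->", effective_policy(ip, ORG_A_POLICIES))
    for entry in ("192.0.2.128/25", "198.51.100.8/29", "203.0.113.128/25"):
        print(entry, "->", validate_scope_entry(
            "org-a", entry, ORG_A_POLICIES, OTHER_ORG_SCOPES))
```

Running the same check before submitting a scope change shows which existing policy will shadow the new entry, which is the usual reason a newly added subnet appears to have no effect.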
For information on network scope, see Configuring Network Scopes.