When defining a security policy scope for an external network behind a DNS firewall, overlapping subnets containing IP addresses, hosts, or subnets included in other security policies within an organization are allowed. In such cases, security policy precedence determines which security policy with the highest precedence applies to the IP addresses, hosts, or subnets. Subnets not already assigned to another security policy within the organization can be added to a different security policy within the same account.
If a public IP address or subnet is mistakenly added to an organization's security policy and has already been registered by another organization, the system will prevent its addition. In this scenario, the organization attempting to add the IP address or subnet will receive a notification, as overlapping public IP addresses or subnets between organizations are not permitted.
For information on network scope, see Configuring Network Scopes.