Automatic Policy Building Learning limitations

b. Yes, response codes are part of learning, meaning you should see a learning suggestion for the 410. It is flagged as "Illegal" because 410 is not allowed by default when you use the Fundamental policy. You can add 410 via the security policy properties screen, or accept the suggestion--which should be to add it as an allowed response code. Because the request which resulted in the 410 came from a trusted IP address, this code will be allowed automatically after the staging period expires. Until then, you will see suggestions for it.

c. Yes these are expected. The Fundamental template includes multiple HTTP RFC compliance checks. By default, the automatic policy you created was in blocking mode, but you changed it to transparent (not a bad thing) so the suggestion is to turn on blocking. You can also disable the "learn" or "block" checkbox for these violations (and any violation) if it makes sense for your app.

d. Changes will be applied automatically AFTER the learning period has expired. Even for trusted IP addresses, there are still metrics involving how many requests need to be sent before changes will be applied. You can see these metrics in the policy building section of the learning and blocking page.