Merging two policies with conflicting settings.

Question

Hi;&nbsp;
When I merge a policy2 with Enforcement Mode of block and disabled signature staging with policy1 with Enforcement Mode of transparent and enabled signature staging. The merging is to be Automatic with maintaining the conflicting settings on each policy.&nbsp;
What would be the resultant setting here?&nbsp;
would it be transparent/staging enabled? My working colleague is telling me it is Blocking/staging enabled.&nbsp;
Kindly
Wasfi&nbsp;

chris_grant · Answer

Because these are both global settings you can't have a mix and match. Any time you merge policies you should review the resulting policy for potential problems. Our documentation on this is very old, but it appears that if either policy has staging enabled, staging will be enabled on the attack signatures in the new policy. Some decisions depend on which is the primary policy and which is the secondary, and it is not clear if the global blocking setting is one of these. I would not say that your findings are unexpected, though.

Forum Discussion

Merging two policies with conflicting settings.

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Syslog Filter Configuration for Separating Audit and LTM logs.

Use F5 APM as Forward Proxy

Forward proxy with SSL passthrough - SWG license required?

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

F5 Software Downgrade from version 17.x.x to 15.x.x

Related Content

Fine-Tuning F5 NGINX WAF Policy with Policy Lifecycle Manager and Security Dashboard

LTM Policy

iControl REST Cookbook - LTM policy (ltm policy)

Setting up persistence in F5 XC

Minimizing Security Complexity: Managing Distributed WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS