Hi. I'm trying to figure out whether the Network Firewall policy has a higher precedence than IP Intelligence Policy.
My goal is to put a general IP Intelligence policy on a virtual server, but then establish a whitelist of a few IPs using a regular Network Firewall policy that explicitly allows those IPs. But whether that strategy works or not depends on what the precedence of these two policy types are.
I would say it depends where the items are located. The AFM goes through the policy from Global -> Route Domain -> Virtual Server. If you put your IP whitelist on the Route Domain with accept decisively and the IPI policy to the virtual server, it should work