Hello,

Is this allowed to use multiple policies assigned to a single App via tags? Is it possible to predict the behavior in such a scenario?

App A
Server ABC
Tag: A

App B
Server XYZ
Tag: B

App C
Server WWW
Tag: A, B

Policy A
Allow Group A
Managed
Client
Tag: A

Policy B
Allow Group B
Managed
Client
Tag: B

Policy A - block
Block all
Client
Tag: A

Policy B - block
Block all
Client
Tag: B

User A - member of group A
User B - member of group B
User C - member of both group A and B

Will users A, B and C be able to reach server WWW?

We assume that blocking policies have fewer conditions, so they are processed later.

Regards