Sorry for the confusion.
Both of the examples you link above create security policy at the same hierarchy level. So they merge together and are processed in the order you put them in the policy.
Here are the rules from both kb pasted into the SRX:
root@lab> show configuration security policies global
policy gp1 {
match {
source-address server1;
destination-address server2;
application any;
}
then {
permit;
}
}
policy gp2 {
match {
source-address server2;
destination-address server1;
application junos-ftp;
}
then {
deny;
}
}
policy Pa {
match {
source-address any;
destination-address any;
application any;
from-zone [ zone1 zone2 ];
to-zone [ zone3 zone4 ];
}
then {
permit;
}
}
Note that the global area here is now like any other zone to zone policy area. You need to construct the order of your policies such that the first ones on the list do not override later policies and reorder them as needed.
So there is no real difference between the two examples, they are in the same policy chain and you need to order them as needed.
But none of these will execute if there is a zone to zone policy that applies to the traffic.