Is it reasonable to assign different IPS sensors per firewall policy (high_security vs all_default)?
Hello,
I would like to ask for confirmation regarding firewall policy design and IPS sensor assignment on FortiGate VM (PAYG) running on Azure.
I am reviewing whether the following change in IPS sensor assignment is reasonable from a general best practice and operational perspective.
Policy change (before and after)
Before
- Policy 1: IPS sensor = all_default
- Policy 2: IPS sensor = none
After
- Policy 1: IPS sensor = high_security
- Policy 2: IPS sensor = all_default
Policy intent
Policy 1
This policy handles specific and limited traffic where source, destination, and service are strictly defined.
A stricter inspection level (high_security) is applied to protect important communications.
Policy 2
This policy broadly permits other traffic.
A baseline IPS protection (all_default) is applied to provide minimum security coverage.
Questions
1. Is this IPS sensor assignment strategy, applying high_security to critical traffic and all_default to broader policies, generally considered reasonable?
2. When applying high_security, are there common operational concerns such as false positives, unexpected blocking, or latency that should be considered?
3. For a broad catch-all policy, are there any recommendations or cautions when applying all_default, for example performance impact with high traffic volume or tuning considerations?
This is not a bug report.
I am mainly looking for general confirmation and best practices.
Thank you.
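The before/after assignment described in the post, written out as FortiOS CLI so the two policies can be compared side by side. This is an added illustration, not configuration from the original post: the policy IDs, interface names, address objects and service are constructed placeholders, and only the `ips-sensor` values (`all_default`, `none`, `high_security`) come from the post.

```fortios
# Constructed example: two-policy design from the post.
# Policy 1 = narrow, tightly scoped traffic (strict inspection).
# Policy 2 = broad catch-all (baseline inspection).
# Interface/address/service names are placeholders, not from the post.

config firewall policy
    # ----- Policy 1: specific, limited traffic -----
    edit 1
        set name "app-to-db-strict"          # placeholder name
        set srcintf "port1"                  # placeholder interface
        set dstintf "port2"                  # placeholder interface
        set srcaddr "app_subnet"             # placeholder address object
        set dstaddr "db_server"              # placeholder address object
        set service "HTTPS"
        set action accept
        set schedule "always"
        set utm-status enable                # required for any security profile to apply
        set ssl-ssh-profile "certificate-inspection"
        # Before: set ips-sensor "all_default"
        set ips-sensor "high_security"       # After: stricter sensor on critical path
        set logtraffic all                   # log everything on the narrow policy
    next

    # ----- Policy 2: broad catch-all -----
    edit 2
        set name "catch-all-baseline"        # placeholder name
        set srcintf "port1"                  # placeholder interface
        set dstintf "port2"                  # placeholder interface
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set action accept
        set schedule "always"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        # Before: no IPS sensor at all (the "none" state in the post)
        set ips-sensor "all_default"         # After: baseline coverage on broad traffic
        set logtraffic utm                   # log only UTM/IPS events on the high-volume policy
    next
end
```

Two points follow directly from the layout. First, `utm-status enable` is what actually binds the sensor to the policy; a sensor set on a policy without it is silently inactive. Second, because policy 2 matches `all`/`all`/`ALL`, any IPS event volume, latency or false-positive effect from `all_default` will be driven by total throughput rather than by one application, which is why the narrow policy is the one that can afford the stricter sensor and full traffic logging.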