New User Auth

What can I do here?

Use this window to define User Authentication properties for the Rule:

How to handle the user when the allowed location of the user is different than the location allowed to the user in the Rule.
Access to HTTP servers

Getting Here - Security Policies > Access Control > Policy > Action column > More > In the Actions Settings window select User Auth > click pencil icon:

Note - The User Auth option is available for layers that only have the firewall blade enabled.

User Auth Options

Source/Destination

Intersect with User Database - The more restrictive access privileges of the rule and the user account properties are applied. If the User Properties > Location for a user does not allow this location, the user will be denied. If the rule blocks the user, the user will be denied, even if the Location is allowed.
Ignore User Database - Access is given or denied according to the rule. The user account properties are ignored.

HTTP

Allow Predefined Servers Only - Activates the Reauthentication options defined for the HTTP servers, and allows users to access only the servers in Global Properties > Security Servers > HTTP servers.
Allow All Servers - Ignores Reauthentication options. If you are in transparent mode, it is not necessary to define the servers.

Best Practice - Use Allow All Servers with caution. It allows users to continue to any port.