As a variation of the above use case, Policy 2 could be a User Identity policy and Skip this policy for unauthenticated user would not be selected. Sessions from unauthenticated users that are accepted by Policy2 would now require users to authenticate before traffic can connect through the FortiGate unit. The result is different levels of authentication: Single sign on for some users and firewall authentication for others.