If all of the other parameters matched, the policy would then compare the traffic's identity with the list of identity groups in the policy, starting at the beginning of the sequence and going through them until a matching identity was found; the rules for that identity group would then be applied. If the traffic's identity did not match any of those listed in the policy, it would go to the last identity in the policy, which would be everyone, and the Action would be deny.
Another formerly implicit protocol that is not supported automatically in 5.2 is port 53 (DNS).
Because those parameters are mandatory, there is always a value to test against, and whether or not the policy applies is certain.
The current methodology is not subject to the same limitation and alleviates the need for the function of this command, so the command has been removed from the CLI.
In previous versions of the firmware, the protocols that were used to authenticate, such as HTTP, HTTPS, FTP, and Telnet, were supported on the policy whether or not they were included in the supported services.
The actual configuration of these identities is explained in detail in the Authentication Handbook.
Identity-based security policies are usually configured for IPsec or SSL VPN traffic, since this type of traffic usually requires authentication from network users.