STAS allow un autherised users to access the internet
STAS to allow unauthenticated users internet access. We use STAS to map ~IP against users for web use monitoring, we don't want to restrict non authenticated users or annoy them with having to login to the XG.
During identity probing, client traffic is restricted, and not subject to firewall rules that would later allow unauthorized clients. This behavior has been made configurable, so users may choose whether to restrict clients during probing or not.
So create a firewall rule for only unauthenticated users and only give them Internet access.