For certain features like Paypal or Facebook authentication certain web pages must be accessible before the user gets authenticated.

Best practice:

1. create an extra policy e.g.  P_www_free_access

**Configuration > Security > Access Control > Firewall Policies**

(destination:www_free_access, service svc-http, svc,https, action: permit)

2. add domain names (Rule Type: name) 

**Configuration > Advanced Services > Stateful Firewall > Destinations**