For certain features like Paypal or Facebook authentication certain web pages must be accessible before the user gets authenticated.

Best practice:

1. create an extra policy e.g. P_www_free_access

Configuration > Security > Access Control > Firewall Policies

(destination:www_free_access, service svc-http, svc,https, action: permit)

2. add domain names (Rule Type: name)

Configuration > Advanced Services > Stateful Firewall > Destinations