When client.effective_address object is used under Web Authentication layer, it will interrupt with other rules below.
Even though the rule does not match and also shows up as "miss" from policy trace, any of the rule below does not take effect and authentication process is not processed correctly.
This is reported as defect number SG-8350 and fix was contained in SGOS 6.7.4.4 or later.