Authentication determines who the user is and their group membership, if configured or received from an external source. This in turn determines the level of access available to authentication-enabled services.
Most web filtering policies need mandatory user authentication. Typically, unauthenticated users are prevented from accessing authentication-enabled services such as the Internet.
Firewall services typically classify unauthenticated users as Unauthenticated IPs. Unauthenticated users might only have limited access to authentication-enabled services is available to this group, or even no access at all.
In any case, a failed authentication attempt results in either a request to retry authentication, or an error.