The allowed Sources in the Location tab of the User Properties window specify that the user to whom a User Authentication rule is being applied is not allowed access from the source address, while the rule itself allows access. To resolve this conflict, you will have to:
A.
Create an administrator account in place of the user account
B.
Install your rule base
C.
Re-create the user object
D.
Select Allowed Destinations field in the Network Object Properties
E.
Configure User Authentication Action Properties screen