Several commercial products require use of varying and non-sequential UDP and/or TCP ports. If these ports are not going over the same ISP at the original request that provided the authentication, the product fails. This situation can easily occur if I create multiple outbound policy statements, using the same routing method, all packets may or may not use the same ISP (depending on a variety of factors).
A good example is Apple iChat (text chat, audio, video, file sharing ports), AIM (text chat, audio, video, file sharing ports).