Summary:

Options for learning "Who's using this IP?":

- AD (Security Event Logs)

- Captive Portal (Browser)

- Agents (Endpoint or Terminal Services)

- VPN

1. Enable Identity Awareness

2. Create Access Roles

3. Create security rules  

Details:

1. Enable Identity Awareness

Here we are using both AD and Captive Portal. 

This is Captive Portal setting. 

This is Captive Portal setting. Note the URL says, for any unidentified users, you will be re-directed to this https URL. We use external interface IP for this purpose. By default, you might see internal IP because it's based on your management interface. You can enable captive portal on all interfaces, here is how:  

Note, this does NOT mean the gateway will stop everybody trying to hit the firewall, you still need a rule to take it in effect. 

By default, you will use self-signed certificate, but you can change it to a PKI signed:

Note, here you can tweak how you want IA configured

2. Create access roles 

3. Create security rules 

Make sure you also have LDAP and DNS rules allowed.

To test:

Check firewall logs:

-Yu