I have a firewall Watchguard XTM-530 in the perimeter of Internet. The firewall will serve an entire building. The firewall has a content filter enabled, so the firewall must known who is the user sending a request to the Internet.
The clients computers have their own default gateway that connect to an MPLS, so the firewall can not be default gateway. I've installed a Squid proxy server but I can not see the real IP Addresses of the computers.