Yes, it does.
From page 14.
Authentication functions of the appliance filter users, using information from internal and external
databases and methods such as NTLM, LDAP, RADIUS, Kerberos, and others.
From Chapter 8 on Authentication.
— You can configure authentication for users who send requests for web access under a standard protocol, such as HTTP, HTTPS, or FTP. When the authentication rule set of the default rule set system is enabled, user information is by default retrieved from an internal user database.You can change this setting and configure a different method, such as NTLM, LDAP, Kerberos, and others.
Also: See table 8-5 on page 143 for more information on NTLM.