Proxy Policy Web Filter by User group

I have enabled transparent proxy and setup a proxy http redirect rule in the ipv4 policy to send it to the proxy policy. Within the proxy policy I have setup several policies, each with a different Active Directory / LDAP user group. (so students get one policy, teachers another, etc). The policies are not being applied, instead it's not matching those rules and is sending it down to my "catch all" rule I put in place for users that were not identified.  You can clearly see 0 bytes had matched against the rules...and all the traffic is matching to my last rule.  If I go to the log files, it clearly shows the user ID and if I go to the FSSO activity screen I can see users and their associated groups (so the UTM is aware of who it is...but isn't matching the rule.  Picture is attached.  I'm probably missing something stupid simple, but it's had me stumped all day. Anyone got a suggestion?