No, the ProxySG does not cache NTLM credentials; they are encrypted.  Instead, the ProxySG maintains two types of credential caches:

• Server-side credential cache—The credential cache is only for BASIC authentication. If NTLM falls back to BASIC authentication, the credentials are stored here.

• Client-side credential cache—This credential cache stores "surrogate credentials" for all authentication types except BASIC. Surrogate credentials are credentials that are accepted in place of the user’s real credentials. After a user is successfully authenticated, the ProxySG stores a surrogate credential, which can be an IP address or a cookie. The next time the same user makes a request, the ProxySG will use the surrogate credential rather than challenging the user again.