You have created an Access Control List (ACL) on the ProxySG / ASG appliance. However, even if you access from a restricted source address (not allowed by the ACL) you are prompted for credentials before the access is denied. You do not want to be prompted for credentials, instead the connection should be denied or reset straight away.
This is by design. The ACL configuration is under Authentication (Configuration/Authentication/Console Access), will not block the Login Prompt.
The objective to not see the login prompt and straight away deny will have to implemented on a Firewall before the Proxy.