Modify the virtual URL in your IWA General setting to cfauth1.yourdomain.com. In this example the proxy is joined to DraperSupport.local
Create a static DNS entry for cfauth1 pointing to the SG.
Add http://cfauth1.yourdomain.com to local intranet sites in IE on your domain PC's. You can also push this via Group policy
Modify your existing Web Authentication layer. Create a new combined Action Object. Create a new Permit Authentication Error Object. Select the Selected errors radio button. Check the All except User Credentials Required checkbox. Add both the new Permit Auth Error object & your normal authentication object to the combined object.
Create a 2nd Web Authentication Layer. Create a new user authentication error source object. Select the any errors radio button.
Create a new Authenticate Guest Action Object. Enter a Guest Username. Choose your IWA direct realm from the drop down. Select Use realm's surrogate refresh time. Leave Mode blank.
Install the policy and apply all changes.
Now your non domain PC's should show up as Guest & your domain PC's show up like normal.