Ok that looks correct. It should basically work tho. Are you using captive portal for AD Authentication.
Have you imported an SSL certificate which you purchased on the Zone Director as well as the intermediate certificate. I had to create a DNS A record on my Windows Server DNS server. So gave it a name zonedirector.domainname.com then I requested a certificate for this hostname. Captive Portal normally diverts users to the IP Address of the Zone Director but once the certificate is imported it will divert them to the hostname specified in the certificate. We have the captive portal on a guest Vlan so the internal DNS server cannot be contacted so I had to create the Host A record on our Public DNS hosting service.