Captive Portal for external / inbound traffic ?

  • pfSense noob here…
    I currently have a watchguard XTM 330, and am considering moving to pfsense.  One feature I have on the watchguard is the ability to restrict inbound traffic (FTP, RDP, etc) to only users that have authenticated over HTTPs to the router.

    I saw a similar question asked about 6 years ago, and the response was that Captive Portal was not a feature for external / WAN interfaces.  Is that still the case, or has it changed?  If it is still the case, is there any other way to authenticate restrict open ports to authenticated users?    I am trying to avoid vpn if possible.