Thank you for your post. In answer to your questions:
- You can implement CG as a transparent Gateway. Refer to http://www.cacheguard.net/doc/guide/transparent.html
for further information.
- The embedded DNS can be disabled but your own external DNS.
- The caching can be disabled.
- HTTP protocol is only inspected in reverse (proxy) mode (to protect Web servers) so there is no protocol inspection in transparent forwarding mode (but URL inspection only).
- In transparent mode, incoming Web requests from the internal interface of CG are transparently intercepted by the embedded proxy
so outgoing Web requests are sent using the external IP address of CG (so you'll get a kind of NAT).
- You can allow or deny URLs using your own regular expressions and list of domain names and URLs.
- CG embeds it own AV (based on ClamAV) so you don't need to connect it to an external AV.
I hope that my answers are clear enough. If you need clarifications, please don't hesitate to posts your questions here.