the WS system listens to traffic on a mirrored switchport, i.e. the network traffic doesn't have to flow direct through the WS server.
Hi,
1. there are several ways to handle mobile/laptop users, including WPAD proxy settings, transparent mode, and possibly the Sophos Endpoint Protection.
2. The UTM can run as a proxy with a single NIC if desired; afaict the only difference between the UTM and the Web appliance is the licensed features.
The UTM can run the proxy in standard or transparent mode.
Barry