Why not just do the filtering in the cloud = no appliance at the site. Just point your clients to proxy at one of the major clusters in your area. Have lots of experience with this sort of product from websense, I thought bluecoat was going that direction as well.
Unless you home run your internet back to one location, which isn't very cost effective for that sort of traffic - you put in cheap internet access at your locations. Then do you content filtering so your users are surfing porn in the cloud. Filter the outbound traffic so they can only talk to the proxy networks from the company providing the service, and there you go done deal.
You just manage your rules via a web gui, etc.
Appliances are so yesterday
Whats an added benefit to this type of solution is you can filter your users work machines, be it they are at your location their home or starbucks if you so desire. The update of bad sites in specific categories are real time pretty much - so if new bad site is found, you don't have to worry when your appliance has called home and updated its database, etc.