I have TMG with a PFSense router/firewall in front.
Supermule,
TMG has L7 and is much easier to set up than all the 3rd party software in PFSense. If anything doesn't work, it's difficult to see what is the reason for it.
Furthermore the logging in TMG is much nicer. Keep the TMG.
I am running 1.2.3 since performance has deteriorated and NAT reflection is broken in all the 2.0 releases I have tried.
Not trying to be offensive, and sorry if it sounds like it, but why do you keep trying pfsense as you prefer and recommend TMG to every user on this forum?
canefield,
This setup can be done with pfsense; it will need some extra packages to reach the best config and performance.
The tcp services you want to balance can be done using the built-in load balance on the service menu.
squid+squidguard+havp as well as squid+dansguardian can do proxy with antivirus for internet access.
haproxy will be almost as easy to configure as the built-in load balance service and will do tcp, http and https balance/failover.
The hardware will depend on the throughput you need, but with all these features, I suggest at least a core 2 duo + 4g ram + fast disk + amd64 version.
postfix forwarder + mailscanner package can do a really good job of protecting your exchange server from the internet and can also be configured for outbound messages from exchange.
Use the custom install setup to create the /usr and /var filesystems with softupdates; this will increase your disk performance (important for cache and spam filtering).