I have a colleague that is using pfsense to run a similar setup. It's based on m0n0wall, which is a FreeBSD firewall distro which has been cleverly modified to use an XML file for config, instead of the /etc folder. m0n0 is based on the 'less is more' concept of security, but pfsense has the ability to add modules (most are in beta atm, with the exception of squid & snort). It also supports CARP (open source version of Cisco's HSRP/VRRP), service based traffic shaping and, most importantly for you, "outgoing load balancing pool".
It is (at the risk of starting a flamewar) widely regarded in the security world to be more secure than its Linux counterparts (ipcop, smoothwall, etc.), and although any deviation from the less is more rule introduces greater opportunity for exploitation, as long as you stick to squid & snort as your only add-on packages you should be ok.