@robbo
Ease of installation i certainly something to aim for.
If the gateway will be able to use port 80 and/or 443 with a proxy it will need authentication capabilities Probably NTLM authentication should be included. And I would recommend a large warning note to check company policy on unauthorized devices to prevent accidents.