Open Source for
If you have the intel NUC's for free you can throw on PFSense + SQUID to get what you need
Squid supports caching of Windows Updates with a little hacking - http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
Caching can be done to the SSD to conserve bandwidth for general http traffic
If you want to do filtering there are some options but a DNS Based solution via OpenDNS would work well, filtering rules on the firewall to block outbound UDP 53 to anything apart from the PFSense box would also stop somewhat IT persons from changing their DNS and bypassing the filter
You would need to also include a vlan capable switch to bypass the single ethernet port limitation of the NUC
There are also Hardware based PFSense appliances that support USB and multiple interfaces, the trade off here is the cache would need to be an SSD or Mechanical drive in a USB Case and the CPU power of these boxes is minimal compared to a NUC especially when caching is involved.
Depending on the hardware, you would also have the ability to have the config file on SDCards that can be posted in case of failure or have a cold spare there waiting in case of failure.
Biting the hand that feeds IT
