I am looking for a Firewall/Gateway solution that supports MultiWAN + LoadBalancing + Squid filtering, all at the same time.

I used to use pfSense, but this is not possible there. Squid excludes LoadBalancing on pfSense. Even Failover is either not very reliable, or impossible to set up on pfSense, at least from my experience.

Apart from that, I need to use one physical NIC with three VLANs:
VLAN2 = LAN
VLAN4 = PPPoE WAN - this is where Sophos UTM craps out. They purposefully made a requirement for PPPoE to have exclusive access to the physical NIC.
Also, I need it to support USB GSM 3G modems and PPP connections over it. This is something that Zentyal does not do.

Also, and this would be a bonus, I need this to work as an LXC/LXD container. This is something that Zentyal is incapable of. Sure, it installs and runs fine at first glance, but it turns out that due to Zentyal’s reliance on AppArmor, it is unable to run some basic services when in a container, like DHCP or DNS.

Are ALL those things possible with NethServer? If not, which are not?

AFAIK, VLAN tagged PPPoE is not supported.
3G modems are supported, but not configurable from the interface (command line needed).

And yet MultiWAN + load balancing + Squid filtering = possible?

I have been using it in this capacity for three weeks and as far as I can tell it works flawlessly.

Is there any documentation about that?

On the network tab I see two grayed-out interfaces… but what to do next with them?

I can’t find my notes atm, but you may start from here:

The grayed interfaces have probably been removed from the system, you can’t use them.

