I think a very easy scenario that gives you redundancy could be the following:
- MWG7 deployed as explicit proxy
- Squid deplyined as explicit proxy
Both systems are on the same subnet and have different IP addresses. You can create a PAC file and host this on a Web Server which is accessible from the Clients. The PAC file should be mandatory and configured to the Client computers. The PAC file will tell all browsers to browse through MWG7 and if that fails through Squid.
Only in the case MWG7 is not reachable the browsers will use Squid to get out to the internet. You certainly need to make sure that your Users do not switch the browsers configuration from Proxy.PAC usage to explicitly use Squid, because that will allow them to bypass all filtering.
You can certainly deploy MWG7 transparently. You can put it between Squid and Firewall in transparent bridge mode for example, without the need to change anything on the clients or the network. The downside is that if either Squid or MWG7 goes down, Internet Access will fail.
I hope that gives you some ideas.
I'll do something like your choices.
MWG7 explicit mode and all browsers configuration to proxy FQDN, so when the MWG7 going down I will change the FQDN ip address in DNS and the navigation will be with SQUID Proxy and deploy this configuration with Windows GPOs.