I'd seek some sizing guidance from an SE based on average requests per second rather than user count or bandwidth at those relatively low levels. Your practical limiter is going to be CPU, I reckon, rather than bandwidth per se. AV will impact CPU. The bandwidth throughput ... is sorta orthogonal there.
I'm not sure what failure mode you're asking about with fail open. In an explicit deployment anyway, if the gateway itself goes down, you ain't gettin to the internet. I'm not sure if there's a hardware bypass kit available for that scenario as I've seen from other vendors wares.
I personally wouldn't deploy any fewer than 2 web gateway appliances. At the very least have a virtualized one at the ready. With how web gateway is licensed based on fleshy human counts (at least in our case with the content security suite), there's not reason not to chuck another relatively inexpensive hardware appliance at things to get some redundancy and load balancing.