One BM server inbetween four networks and Internet.
Two out of four of the networks will access Internet without
authentication but they will still passthrough and fill/use the
transparent proxy. No more restrictions will be applied on these networks.
The other two will be let out on the Internet based upon their identity
in eDirectory, so they will be prompted to authenticate through BM.

Is it posible to set it up like this?
Do you only have to set up two access-lists (at the top) letting the two
networks without authentication out on the Internet without restrictions?
What happens when you "enable access-control" and make it enforced?

Please help me with this...