BM3.6, NW6 (soon to be) SP5

Objective of the upgrade is to convert the Border Manager to a caching-only
server and transparent proxy.

Current installation has no VPN, no NAT, no packet filtering, no HTTP
acceleration, no login policies. Most of this functionality is taken care
of by a dedicated CheckPoint firewall. Internet access rules and content
filtering will be moved to a dedicated SurfControl server.

There is a current Login Policy Object in the tree, but nothing is in it.
Must I configure a Dial Access System object?

Currently we are using CLNTRUST for access, and I would like to keep this
the same. I know of the issues w/CLNTRUST.

Any other helpful hints and tips are more than welcome. I have already read
and printed much of the relevant bits of Craig Johnson's websites.