Caching proxies are really not as beneficial these days given the large Internet pipes, even your 20/1. They slow the Internet experience because you are constantly working from the cache by writing to/checking if it exists/reading from disk, even with SSD. The Squid package in pfSense is what you would use for the transparent proxy, which will proxy non-encrypted traffic. Not much these days is non-encrypted, so the benefit varies. You can do encrypted traffic cache proxying by configuring certificates you install on all client devices, but it is a headache if you have many devices. There is another way to do encrypted caching without certificates, but it can give some browsers/devices fits. It used to be good for caching Windows update stuff, but MS changes delivery and it becomes unreliable, and you are always having to tweak the filters to capture the updates to cache.

The QoS is nowhere near as simple to configure as one would have experienced with Toastman Tomato. There are books, videos, etc. on it though.

Pi-hole (ad blocking) can be done with pfBlockerNG and works extremely well; add Snort for IDS/IPS.