If all DHCP servers bind to a mac address you need to connect one cable from the sw to mikrotik interfaces for each address.Thats the option we'll go for it seems...
What will the second cable to? Theres 4 public addresses, can all those be passed by the second cable?
I use GPO to force proxy settings on my users. This way I can use proxy for port 80, 443...Thanks normis, what way could I audit SSL traffic? not content of course.
I ment: you can't use https on a transparent proxy.If you block all except google they can't search anything because you are dropping all searchs.
BTW, why can't you block it if to use HTTPS?You could use Web Proxy if it's not HTTPS.
/ip firewall nat add chain=src-nat action=src-nat to-address=<your LAN IP, for example 192.168.88.1> src-address=<your lan network, for example 192.168.88.0/24> dst-address=<your WAN IP> out-interface=<your LAN interface, most likely bridge-local>