@amitaussie:
Registered Pfsense Users=Min. 4000 (using Local database as Radius may not able to provide the option to users to change their passwords on their own as Local database gives this option)
Hmm, are you going to give your 4000+ users access to the pfSense webGUI to change their passwords on their own?
Anyway, if I understand you correctly, you want to use pfsense's CP to authenticate users, then use Squid/SquidGuard/Sarg/HAVP/Snort to mitigate network threats and log usage. Generally speaking, for a load of ~500 concurrent users I'd split the functionality: run router/firewall on pfsense VM & transparent proxy on another system (note: I understand that virtualized FreeBSD's disk i/o performance is rather problematic).