While I routinely build the gateways and clusters on ESXi, none of them were production bound.
So I am just extrapolating from my previous experience here: so long as it is a dedicated host with hyperthreading disabled, you should be able to do this.
If this gateway is running on a dedicated host, you may have to play with DPIO to get the maximum performance out of it, but keep in mind that it'll prevent you from using snapshots, Vmotion, HA and FT.
I am cuirious to know if you are offloading the HTTPS and SMTP TLS decrypts to external device, do you then pipe it in the clear through this gateway, or is it processed elsewhere? Are you going to enable CIFS snd SMB inspection on it as well?