Not being very familiar with the traffic shaper, I find it hard to fully grasp yet (all the queues and such), but something you might consider adding eventually is an ultra-simple "shape by interface" setup.
For example - I have a LAN, a DMZ, and an untrusted wireless DMZ. I want the LAN and DMZ to have unfettered, top-priority access to the WAN bandwidth, and give some of what's leftover to the wireless DMZ, with a cap of, say, 512Kb/s. I _think_ I have most of this set up, but had to go through several iterations of the wizard and cutting out chunks it added in to get it where I want it. Now I have to go test. Anyone else smell what I'm standing in? Is this a bad or untenable idea? RB