Ok, got it, so the FW's are establishing the VPN tunnels between the sites. In this case, since the traffic will be encrypted, the Wanos device needs to be between the users and the FW.
Regarding inline deployment: The IP addresses on the machines are for management of the devices and communication between them. The rest of the network is not aware of these IP addresses (e.g. no need for configuring additional gateways). In other words, if the FW is handing out DHCP at the moment to the users, this stays the same when the appliance is placed inline. One physical interface (wan0) connects to the FW and the second to the switch (lan0).
Edit:
For the archive: In this topology, the FW might need configuration to allow IPComp (IP Proto 108) and the auto detection TCP Option 76.
This is the recommended action. Alternatively UDP Encapsulation can be used.