Hi,
1) It depends on the flow of the internet traffic. Two devices are needed: optimization and de-optimization. It seems from the description that the internet traffic flows directly over the satellite link. In this case two devices is not possible unless the ISP allows a hosted solution.
Alternatively if the Internet traffic flowed via the HQ site it would have worked but I suspect this would be very inefficient and worse off, because Internet traffic would need to traverse two satellite links. This is the same for any wanop vendor.
The ipsec traffic would be no problem since optimization at both end points are possible.
2) The 200 would be a bit weak at 20/20, the 400 would be more than sufficient for the HQ. If only the ipsec traffic is optimized and this traffic from HQ outbound is in the 6 Mbps range the 200 will be sufficient for the ipsec traffic.