Welcome to the SSG-5 firewall.
Your internet access issue is just one of nat. The quickest solution with your current setup is to make just add source nat to your existing trust to untrust access policy.
Policy--Policies
Edit the trust to untrust
Hit the advanced button
check source nat on egress interface
Some things you may want to consider is reading up on zones and policies. this configuration does put your public traffic, employee traffic and your POS all in the same security zone. At minimum you probably want the public segment pulled out to a separate zone and blocked off by policy.