
15. Defeating a Proxy Firewall

Just to spoil your day, and keep you on your toes about security, I'll describe how easy it is to defeat a proxy firewall.

Let's say you have done everything in this document and have a very secure server and network. You have a DMZ and no one can get into your network and you are logging every connection made to the outside world. You make all your users go through a proxy and the only service you allow to go direct to the outside is DNS (port 53).

One port, that is all it takes to make a firewall worthless. Here is how it is done.

Start by setting up a Linux box somewhere outside your LAN. A good choice would be a box at home connected to the Internet through a cable modem.

Ask your ISP for three IP numbers. Most cable companies will provide up to three.

On this box you need to install the client part of a Virtual Private Network (VPN). See: http://sunsite.auc.dk/vpnd/

Now set up the server side of the VPN on another Linux box. Connect this server to its client through port 53. Turn on routing and forwarding and put an unused IP number you got from your ISP on its LAN port.

Finally, on a workstation on the private LAN, change the default gateway to point to the VPN server and add the third IP number to its LAN port.

Now, from this workstation, you can go anywhere. The only thing the firewall admin will see is a really long DNS lookup.

Now, take over the world!
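From the firewall admin's side, that "really long DNS lookup" is exactly what stands out in flow logs. The following is an added example, not part of the original HOWTO: it checks port-53 flows against what a real lookup looks like. The log format, addresses, resolver list and thresholds are all constructed assumptions.

```python
# Added example: flag port-53 flows that do not look like DNS lookups.
# Log format, thresholds and addresses are constructed assumptions.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport seconds bytes")

# Constructed flow-log lines: src dst proto dport duration_s total_bytes
SAMPLE_LOG = """\
10.0.0.21 192.0.2.53 udp 53 0.04 212
10.0.0.22 192.0.2.53 udp 53 0.06 388
10.0.0.37 203.0.113.80 udp 53 5400.0 48211004
10.0.0.21 192.0.2.53 tcp 53 0.9 6120
10.0.0.40 198.51.100.9 udp 53 0.05 190
10.0.0.5 192.0.2.10 tcp 3128 12.0 90311
"""

RESOLVERS = {"192.0.2.53"}   # assumed: the only resolver clients may query
MAX_SECONDS = 30.0           # assumed ceiling for one DNS exchange
MAX_BYTES = 64 * 1024        # assumed ceiling for one DNS exchange

def parse(log):
    """Turn whitespace-separated log lines into Flow records."""
    flows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        src, dst, proto, dport, secs, nbytes = parts
        flows.append(Flow(src, dst, proto, int(dport), float(secs), int(nbytes)))
    return flows

def flag_port53(flows, resolvers=RESOLVERS):
    """Return (flow, reasons) for port-53 flows that break DNS expectations."""
    findings = []
    for f in flows:
        if f.dport != 53:
            continue
        reasons = []
        if f.dst not in resolvers:
            reasons.append("destination is not an approved resolver")
        if f.seconds > MAX_SECONDS:
            reasons.append("session far longer than a lookup")
        if f.bytes > MAX_BYTES:
            reasons.append("volume far larger than a lookup")
        if reasons:
            findings.append((f, reasons))
    return findings

if __name__ == "__main__":
    for flow, reasons in flag_port53(parse(SAMPLE_LOG)):
        print(flow.src, "->", flow.dst, "; ".join(reasons))
```

Allowing outbound port 53 only from the internal resolver, instead of from every workstation, closes the direct path this section relies on.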

