[ChrisA]

Does anyone out there have a proxy server that users on the network point to in their browser for access to the Internet? If so, do you restrict the ports that the proxy server is allowed to talk out on (eg, only 80/443) or are any ports allowed outbound? If you restrict, is the restriction imposed on the firewall, on the proxy itself, or both? If you restrict on the firewall, do non-allowed ports get dropped (eg, in the cleanup rule) or rejected?

Any experience, advice, comments are welcomed/appreciated. Thanks.