hello,

you can try to set porxy on  your webrowser for your all PC's  and open policy from proxy server to untrust any any  NAT egress

hope help you  

thank you mehdi for your answer

I don't want to set proxy on the PC's, I want to force the use of the proxy for all the browser (firefox, IE, ...) so if a user chooses any browser, he will be redirected to my proxy ...

yes my answer mean this, when you set proxy on the browser the all traffic will be redirect to your proxy server

for example : 

on firefox clic tools>>> option>>>>advenced>>> network>>>> setting you set you ip proxy

after that you permit on the firewall traffic to internet 

hop this helps 

Ah i so sorry,  ok , i don't think you can use this with redirect traffic, i know only  :

first:       you use gataway  for all internet traffic for you can use the firewall

scond : you user proxy server but you should to setting the all browser

or  

you can try this 

you change IP addresse for your proxy server  and bind it in the DMZ 

and crete policy from local network to DMZ 

create policy from DMZ to Untrust with nat

don't forget the routiing

hope this help you 

It is possible to redirect web traffic to the proxy automatically, using policy based routing, but the configuration isn't trival. Basically what you have to do is route all outbound traffic on port 80 via your proxy - except for traffic originating from the proxy itself, or you'll end up in an infinite loop.

Check the user guide, there might  be an example there (its a bit long to describe it all here).

ps: it will be easier if you make your proxy listen on port 80 for transparent interception, that way you won't have to translate the destination port on the firewall.