If all your inside hosts will use the proxy server to access the internet, then you can allow only your proxy server's IP access out the firewall and deny all others. I've used this configuration before. By allowing only the proxy server's IP address access out the firewall, you keep someone from bypassing your proxy and going out directly.
