Using both IE and Firefox via multiple proxies.
Of course today it is not feasible to completely do away with IE, as a
very few applications are written for IE4 html inventions or activex.
One way to keep IE is to use the Microsoft sanctioned way of limiting
browsing to "known good sites", a thankless and almost impossible task..
An easier way is to use multiple proxies.
Simply set up 2 proxies, limiting one to the essential IE sites only.
Point IE to the limited one, and all other browsing is via Firefox
through the unlimited proxy.
Set the proxy IPs in the clients via a proxy.pac and Group Policy.
A simple model would be two internal ISA proxies, with the IE one
limited to a select client destination set. Use ISA for reporting.
Both are then chained to the DMZ gateway proxy.
The DMZ proxy should also do the filtering and anti-virus.
Current versions of Java and ISA work together.
This model has been successfully utilised at a number of sites.