The following restrictions apply:
I fought my way out using an external server. I configured the SSH daemon to listen on port 443 (HTTPS) so that I can hide traffic in secure HTTP packets. In /etc/ssh/sshd_config, add this line below the one that says to listen on port 22:
Note: do this only if you are not offering HTTPS services on your server.
Then I downloaded putty (from Freshmeat, an allowed site). In the "Session" part of the configuration tree, I enter my external server name, enter port number 443 and specify to use SSH.
In the "Connection part, select "Proxy". Then mark proxy type HTTP, enter the proxy hostname and port, domain\username and password. Open the connection and test.
If SSH connections to your server work using this method, you can take on the next problem, the surfing restrictions.
I configured a Squid proxy server on my remote server, using the following configuration in /etc/squid/squid.conf:
acl allowed_hosts src x.y.z.0/255.255.255.0 http_access allow allowed_hosts
In the above, replace x.y.z.0 with your network. I left the rest of the default configuration as it came with the Debian package. Make sure that the proxy server is running: if there are errors in the ACLs, it is likely that it does not start. Check your log files.
Now on your firewalled workstation, take putty again and configure it to connect port 80 on the local host to the proxy port 3128 (Squid default) on the remote host, while keeping the settings to connect on port 443 on the remote host. In "Connection - SSH - Tunnels" enter 80 as the source port and remote_hostname:3128 as destination. Select Local and click the Add button. Then open this connection. You get the remote loginprompt. Connect.
Now take your favorite browser and enter localhost and port 80 as proxy setting. Test by surfing to a forbidden websense category.
NOTE: you might get in trouble doing this. Do these things on your own responsability.