You just need to study the Firefox proxy options to see the four ways forward. If you do everything at the firewall and have useful default routes in place, then there's nothing to do for Firefox: just set it up for "direct connect to the Internet."
The user can't easily throw away security in Firefox. There's no "let bad things happen to me" checkbox available. They have to work harder than that to cause trouble.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.