Currently, it is setup according to their recommended practice for a production environment (transparent bridge mode). The iPrism has two LANs - one for "in" and one for "out". They call it transparent proxy mode, but it is inserted just prior to the router so that all traffic must pass through it to reach the router. both interfaces have the same IP address, but the user can't see that. You can ping the address or login to it directly, but traffic destined for the Internet is apparently captured, filtered and then sent out to the router. Returning traffic also must pass through the iPrism and is filtered.
I think I can change it to transparent proxy mode where it is just another IP address on the LAN and then use policy based routing to force all client traffic to see the iPrism as the next hop. This would be straightforward policy based routing. If the school won't let me do that, it gets complicated as the iPrism must have physical separation between the two ports, but they are on the same IP number.
