Hmmm - interesting. What brand of firewall is used, do you know?
The method/tool is not really related to the brand of the firewall. What IS&T does is that they use the categorization done by IAB is done to filter out content (ie websites) that is determined to be non-business related, the filtering is done on the high-level category.
For SW developers this can be problematic as googling solutions are random in the sense that the solution-hosting website might have obtained a banned category. Sure, an exemption can be requested, but how many have the energy to bother? I don’t, either I find a way around it or I comply.