He should be looking out for a new job...
As long as HTTP connections are not completely blocked or 'whitelist only' you can certainly circumvent ANYTHING. Those irongates are smart but not omniscient.
You could obfuscate the real URL you're querying into some wild session-id like number and put the response into, say a GIF image. Locally (behind the irongate) you'd run a rather simple proxy that obfuscates the URLs and extracts the responses from the GIFs. At home you'd have a proxy doing exactly the opposite. All the irongate would be seeing is you retrieving GIF images from some server.
If the irongate allows for HTTPS then everything is VERY simple: set up a standard HTTP proxy with an SSL listening port and connect to that. Done.
