Restrict users from connecting to LAN Gateway

Hi, Guys,

A weird question comes, that I want LAN user workstations to access internet through the dedicated IP (the Proxy server) as the LAN default gateway, but not the LAN interface IP as the local default gateway, any advice or recommendation ?

I want internal users to configure their workstations tcp/ip setting with the default gateway is not the LAN interface IP, but the dedicated IP is a proxy server;

Due to some users are often out of control, I want to restrict users at Fortigate device: if any user configure the workstation tcp/ip setting with the default gateway = LAN interface IP, they can not go internet, in order to force users configure workstations tcp/ip with the Proxy server as the local LAN gateway.