It would help if you provided more details on your network layout, including firmware version on the fgt, and how the proxy is implemented. There are 3 primary firmwares in use (4.3.x, 5.0.x, and 5.2.x) with similar or different ways to implement the same or similar feature on the fgt.
If you are using the web proxy features on the Fortigate then I'm pretty sure the various UTM features (web filter profile/URL filter, etc.) are applied to the individual IP addresses (e.g. devices/users) either before or after that traffic enters/leaves the proxy.
If you are not using user/device policies on the fgt, then one "classical' way to implement your request is to assign static IPs (either via DHCP reservation or direct static settings) to the devices in the department, then on the fgt, create firewall address objects for those IPs and group them. Create a firewall policy using that group as the source and set whatever UTM features you want, move this firewall policy up in the firewall rules list above any general firewall policy so it is executed. If we are talking like over 20-30 computers you may be better off using either user/device policies or assigning static IPs in a single block range (then you can use that IP block range as the source in your firewall policy).
The Fortigate cookbook on the Fortinet Document Library site already has examples of implementing the above.
Edit: Note I am assuming internal LAN traffic is hitting the fgt directlt and not going through a proxy device first.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C