If you have LOG ALL ALLOWED enabled in the HIPS Activity Log menu, then you should see the traffic going out from the system; however, like you said, if a browser is proxying, then the Activity Log is going to see traffic going from the client to the proxy server (not to the destination network you're monitoring).
For non-proxy traffic, you should see it going to/from the monitored networks.
FYI, just in case you aren't aware, HIPS does not generate ePO events for firewall traffic. If you mark a Firewall rule as MARK AS INTRUSION, this will trigger Network IPS Signature 3702 (if you have NIPS enabled).
Ok, your answer highlighted what's happening.
- When allowing and logging traffic via a firewall rule, it logs LOCALLY only in the machine HIPS activity log. No ePO event is generated.
- When blocking and treating as intrusion, an ePO event IS generated.