Setting it so that it can't be changed is tricky, but doable. To make it happen, do the following:
Locking settings is actually pretty easy. Do the following:
Firefox
1. Open a terminal - ctrl-alt-t
2. Type: sudo gedit /etc/firefox/syspref.js
3. Add the following to the end of the file (insert your values where obvious):
lockPref("network.proxy.http", "X.X.X.X");
lockPref("network.proxy.http_port", XXXX);
lockPref("network.proxy.type", 1);
4. Save and exit.
Chrome
1. Open a terminal - ctrl-alt-t
2. Type: sudo gedit /opt/google/chrome/google-chrome
3. Scroll all the way to the bottom line and change it from this:
exec -a "$0" "$HERE/chrome" "--password-store=basic" "$@"
to this:
exec -a "$0" "$HERE/chrome" "--password-store=basic" "--proxy-server=X.X.X.X:XXXX" "$@"
4. Save and exit
In Firefox, the settings will appear locked. In Chrome, it will look as though the settings can be changed, however any changes made by the end user will be ignored.