Well, all firewalls operate by identifying network objects, ports and types of traffic. If you want to block certain employees, you must know their IP addresses. Ideally, they should all be in the same IP subnet. Then you can create a network object in your firewall containing that subnet and block any outbound traffic from it.
Ports 80 and 443 are the ports for web services (HTTP) and secure web services (HTTPS). Most companies will allow their employees outbound access on those ports, but many will restrict, as it seems you wish to, certain employees from accessing the web.
Depending on what type of firewall you have, many more options are available. Ideally, you should not allow any inbound traffic, and have as few rules as possible. Make sure that you have a default rule of DENY/DENY, or your nice firewall becomes a router allowing everything through.
You can also take a class, and usually you can find good references for configuring your firewall via Google.
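
A first-match rule evaluation of the policy described above, as an added example that is not part of the original answer. The subnets, the rule model and the function names are assumptions made for illustration, and the example also shows the effect of rule order, which the answer does not cover.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "out" (LAN to internet) or "in"
    src: str                       # source network in CIDR form
    ports: frozenset = frozenset() # destination ports; empty means any port

# Constructed addressing (assumption): restricted employees share one subnet.
RESTRICTED = "10.0.20.0/24"
LAN = "10.0.0.0/16"

RULES = [
    Rule("deny", "out", RESTRICTED),                   # network object: no outbound at all
    Rule("allow", "out", LAN, frozenset({80, 443})),   # everyone else: web only
]

def evaluate(rules, direction, src_ip, dst_port, default="deny"):
    """Return the action of the first matching rule, else the default rule."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if ip not in ipaddress.ip_network(rule.src):
            continue
        if rule.ports and dst_port not in rule.ports:
            continue
        return rule.action
    return default

if __name__ == "__main__":
    cases = [
        ("out", "10.0.20.15", 443),   # restricted employee, HTTPS
        ("out", "10.0.5.7", 443),     # ordinary employee, HTTPS
        ("out", "10.0.5.7", 25),      # ordinary employee, port with no rule
        ("in", "203.0.113.9", 22),    # unsolicited inbound connection
    ]
    for direction, src, port in cases:
        print(direction, src, port,
              "default-deny:", evaluate(RULES, direction, src, port),
              "| default-allow:", evaluate(RULES, direction, src, port, "allow"))
    # Placing the broad allow rule first lets the restricted subnet through.
    print("reordered:", evaluate(RULES[::-1], "out", "10.0.20.15", 443))
```

With the default set to allow, every packet that matches no rule is forwarded, which is the "firewall becomes a router" case; with the rules reversed, the restricted subnet matches the broader LAN rule first and reaches the web.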