by zokier 1567 days ago
> They permit SSL to some known websites (for https), but the moment I try to create an SSL or SSH connection to an unknown server (e.g. to the bastion box), their gateway instantly terminates the TCP connection!

They are clearly already whitelisting connections, but still allow unidentified connections through?! What sort of logic is that?

2 comments

Why block all HTTP (non-S) traffic when you can inspect its plaintext? At least I assume that was their thinking.
Probably to not break on unknown protocols.