I am writing a solution that I found a long time ago. It turned out to be impossibly simple and lay at hand.
First, I note that even then I noticed that with all these filters, I could easily connect to another computer through TeamViewer. This is of course a "crutch", but he made me look at the problem differently.
In short, I took the wonderful program SoftEther VPN Client Manager, which I have been using for a very long time, and stupidly configured it to connect to VPN servers through the proxy of the same filter box - in my case it is 10.0.64.52:3128
Everything. Again, we rejoice at the free Internet.

Without knowing the "specifics" it is difficult to offer a specific solution. Here is the knowledge base of Habr on the topic of bypassing ILV locks:
The program that determines the type of site blocking in pr ... 2014
* Knowing the type of blocking helps to find the best solution to bypass it.
Rostelecom website blocking mechanism research... 2015
Transparent bypass of blocking in the home network 2015
An autonomous way to bypass DPI and an effective way ... 2017
Configuring BGP to bypass blocking, or "How I ... 2018
Sincere Mikrotik against the soulless ILV and the same ... 2019
Bypass ILV locks using DNSTap and BGP 2019
-Rostelecom already uses DPI for blocking , so you need to look at methods against it.
- They should not cut VPN by port numbers and type of packets - all work of corporate remote offices will be disrupted. They can only block access to some VPN providers. But no one forbids renting a server on Amazon and raising a VPN through it.
PS: As always on Habré - the most interesting thing happens not in the article, but in the comments to it.
PPS: a magic link with the addition of site:habr.com at the end - gives 99% of the answers to any technical questions.

I understand correctly that you desperately want to know how effectively the IT security service works in this state organization of yours (and if it doesn’t exist, then just the security service)? The acquired knowledge may affect the bonus / career / further work - depending on what kind of office and what position you have inside it.
It may well be that all traffic to the outside is prohibited from you - I would do just that. Internal mail server and internal proxy, but outside - just nothing at all.

Why don't you contact Rostelecom?

Most likely they use a fake certificate for content filtering with a secure connection.