There are two paths protected by any firewall:
- Incoming traffic - it should block everything except services which should process requests from outside of your PC
- Outgoing traffic - it is open by default. However, your administrator could decide to block any outgoing traffic too, it’s not common, but possible. In such case you can connect only to services which is allowed by your administrator. This is dead end for any p2p application, which connects to random* ports to transfer data.
*By default any node in the p2p can use any port to listen requests, but tracker (the satellite in our case) do know what port each node uses and offer a list of nodes to the participant.
In your case you need to open an outgoing traffic, the incoming can still be blocked as it was to do not break your security.
The reasons for blocking outgoing traffic could be different - to reduce not related to your job traffic, to limit a volume of traffic generated by employee, to block p2p traffic, to protect the network from ban if one of the PC behind the firewall have a trojan which sends spam or malware.
The ftp service uses the same standard well known port 21, so it is easy to determine the ftp traffic. In case of p2p the outgoing port could be effectively random, there is no standard well-known port.
In case of Storj network there are nodes which uses the default port (it’s not the same as a standard, since the operator can change it and this is normal), so, you could try to use only that default port and add a logic to the uplink to force it to request from the satellite only nodes with a default port. But it will reduce the available network - you will have only 70/110 (the ratio could change, since there is no rule to keep the default port) of the network available.
As a second solution - you can use a gateway service on your server, which will listen only some standard port, but operates with a Tardigrade on you behalf. This will almost eliminate any security, since your encryption phrase and API key would be on that gateway and the traffic between you and gateway will be unencrypted.
The third option is to use a ssh tunnel as suggested by @beast. You can easy setup a ssh server and client on Windows: