CI testing networking software that must traverse restrictive firewalls

Question

I'm working on some networking code (WebRTC) that must work through restrictive network firewalls. That is, I hope some big-company customers will use it.

I hope to unit-test or CI-test some of these use cases. Asking customers to cooperate and test it for me works, of course. But I can only get away with asking them to do that once a month or so.

Configurations that block various operations, like UDP transport, WebSockets, various ports, and so forth, would be helpful. Ideally the tests would run against a suite of fake/mock firewall configs.

Can you recommend ways of setting this up? We happen to use Gitlab CI. Still, any suggestions are welcome.