I'm getting back to you with my tests to check whether Zerotier works in a network similar to your company's, and the result is yes: it works, but a bit slower than a direct route (it was expected).
Here are my firewall rules on the local network:
If I ping a device (hosted in Europe) inside my virtual network I get a ping of around 210ms, probably because the Zerotier root servers are located in the USA and I'm in Europe, so depending on your location you will probably have a lower ping than mine:
user@ubuntu:~$ ping 192.168.192.1
PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data.
64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=209 ms
64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=5 ttl=64 time=209 ms
--- 192.168.192.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 209.236/209.896/210.163/0.457 ms
So for the DNS requests I get around 0.5s of response time:
user@ubuntu:~$ time nslookup google.com 192.168.192.10
Server: 192.168.192.10
Address: 192.168.192.10#53
Non-authoritative answer:
Name: google.com
Address: 172.217.168.206
Name: google.com
Address: 2a00:1450:400e:80c::200e
real 0m0.487s
user 0m0.015s
sys 0m0.014s
Which is not bad compared to without the firewall restriction:
user@ubuntu:~$ time nslookup google.com 192.168.192.10
Server: 192.168.192.10
Address: 192.168.192.10#53
Non-authoritative answer:
Name: google.com
Address: 172.217.168.206
Name: google.com
Address: 2a00:1450:400e:80c::200e
real 0m0.100s
user 0m0.019s
sys 0m0.009s
So in conclusion, there is around 400ms of additional latency (in Europe) when running Zerotier behind a very restrictive firewall, but Zerotier can really work in every network.