The reason this may fail is because flyctl uses UDP to connect to Wireguard. However, the latest prerelease of flyctl has an option to connect using websockets over port 443, which should not require intervention from your IT team. Can you try it out?
Install the prerelease:
curl -L https://fly.io/install.sh | sh -s pre
Then:
fly wireguard websockets enable
fly deploy