alt Hacker NewsThis may very well be the system in use.
I've seen this effect in several places, not just my work.
Of note: I do not work in the tech sphere. I suspect that this particular loophole may be used by IT personnel to be able to tell the management "yes, we block VPN use" while letting them continue to use their own VPNs. I see no reason to complain.
I suspect there's less thought put into it than that.
There's probably a firewall vendor that has a product that does SNI inspection for blocking things like pornhub and the product comes with a list of sites that includes VPN control planes.