Hi Christian,
I cannot comment so much on CF network restrictions in general. As for the IoT Services running on HCP, though, the usual security mechanisms apply. In the case of the OData API this is OAuth. If you are able to consume the service from your local machine, this should not be a problem.
Are you handling proxies explicitly in your application code? CF does not need any as for as I know.
Best,
Thomas