Allowing Telegram through firewall: how to find which ports have to be opened?

I am not very familiar with Telegram, so this is from the perspective of an administrator doing general troubleshooting for ports.

Most applications usually have documentation on what needs to be enabled to allow the application to work. You can usually find a list of ports, IPs and FQDNs by simply googling "what ports does use". In your specific example the Google results show the following: https://core.telegram.org/bots/webhooks

A webhook needs an open port on your server. We currently support the following ports: 443, 80, 88 and 8443. Other ports are not supported and will not work. Make sure your bot is running on one of those supported ports, and that the bot is reachable via its public address.

By default that means we’re knocking at your door on port 443

Once you get this port information, you usually do a test to see if your device can even reach said listener. My preferred method, and one I truly believe is one of the easiest ways, is to try to telnet to the host on that port. It doesn't matter if they have a telnet server set up or not; you can verify that the destination is valid. So on a Windows server I'd fire up the command prompt and try telnet 149.154.167.197 443. In all Linux distributions you can use the identical command telnet 149.154.167.197 443. If you get a response you can narrow it down: the issue is somewhere on the source, or that is not the port you need.

If you are unable to find any documentation, or it doesn't appear to be working, you can search your active connections. On Windows you can do this by firing up the application, then opening the command prompt and running the command netstat -a -b. Netstat is a command that displays information about TCP connections on your device. On most Linux distributions you can use the much more robust nstat -a from iproute2.

This should solve your issue with finding ports almost every single time. If it does not, your last major tool is to download a packet analyzer such as ngrep or Wireshark and manually analyze traffic from your device. If you know the source/destination you can usually find it pretty quickly.

A final note: before anything else, if it is going out on the internet, there is a very large chance it will be using port 80 (HTTP) or 443 (HTTPS), and that should probably be the first guess unless it is using a distinct protocol.
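
A scripted version of the telnet check from the answer above, added here as an example and not part of the original post. It tries the four ports from the quoted Telegram documentation and separates "refused" (the path is clear but nothing is listening) from "filtered" (no reply, which is what a firewall DROP rule looks like). The names probe, probe_ports and WEBHOOK_PORTS are made up for this sketch.

```python
import errno
import socket

# Ports the Telegram webhook documentation quoted above lists as supported.
WEBHOOK_PORTS = (443, 80, 88, 8443)


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome (hypothetical helper).

    open        - handshake completed, something is listening
    refused     - an RST came back: the path is clear, nothing is listening
    filtered    - no answer before the timeout, typical of a firewall DROP rule
    unreachable - a routing failure or ICMP unreachable error was reported
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error: %s" % exc  # e.g. the host name did not resolve


def probe_ports(host, ports=WEBHOOK_PORTS, timeout=3.0):
    """Probe each port in turn and return a {port: state} mapping."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys

    if len(sys.argv) != 2:
        sys.exit("usage: probe.py HOST")
    for port, state in probe_ports(sys.argv[1]).items():
        print("%s:%-5d %s" % (sys.argv[1], port, state))
```

A "filtered" result on a port that the documentation lists is the case worth taking to the firewall rules; "refused" points at the destination service instead.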