ubuntu keyserver is using standard GPG keyserver port keyserver.ubuntu.com:11371. It will be blocked by restrict firewall. While Ubuntu.com has enable the 80 on the keyserver, we should add some options to let gpg to use hkp:80 to access the keyserver.
For my example,
gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options http-proxy=http://webproxy.yourdomain.com:80 --recv 36E81C9267FD1383FCC4490983FBA1751378B444
We will be able to retrieve the GPG key through restrict firewall. :)