Believe it or not I have a similar issue access, of all sites "bbc.co.uk". We are running R80.40 with JHFA118 and in VSX mode.
I've enabled https inspect on a test VS. cnn.com works fine and bbc.co.uk fails everytime with https enabled.
I raise a TAC case, months ago and TAC have not provide any resolution.
What I do know is the Global Root CA used is imported into the repository (by default), the intermediates are not there (yes did try to import this as well and TAC were on a zoom with me) but that should not really matter.
The only way I could get this working was to import the actually 'bbc.co.uk' certificate, which is totally wrong (TAC have also seen this).
For me using https inspection is completely useless with Checkpoint for two reason:
- When we have a site that does not work, the evidence so far indicates that Checkpoint cannot resolve it within a reasonable timeframe.
- The resource requirements to use https inspection is just not financially viable, its better to use a cheaper competitor that does this at a fraction of the cost and with dedicate inbuild https inspection module without the hefty price tag.
Sorry this sounds like a rant, but unfortunately this has been my experience.
also one odd thing that TAC mentioned which I've challenged:
Apparently VS0 needs access to the internet for OSCP access, despite the fact I see no traffic from VS0 even attempting this.