Hello Checkmates!
I'm in this unusual dilemma right after migrating to a 2-tier firewall setup. Before when everything is on separate HA instances, everything is working as intended (This was all working from when I started the setup from R80.10 up until R80.40 before we did the activity). Now that everything is running on R81.10, for some reason, categories are not working. Thinking that it might be due to the fact that we have an external firewall that only handles DMZ traffic, I confirmed it by creating a custom application and creating a policy for it. The custom application works for Microsoft Edge, and Mozilla Firefox, but not on Chrome.
Now if everything is working as it should be, it would be blocked by policy 44.2, instead on 44.3 but that's not the case. When I tried to use the HTTPS inspection, user experience is really bad that it would take around a minute or so to just open google.com, and even then, porn sites aren't blocked at all by category. (Policies are currently disabled after testing)
Now I would like your input if the behavior is due to the firewall design being 2-tier? If so do I still need to configure blocking policies on the external NGFW pair? I really remember before on the R80 days that its as easy as clicking 1 2 3, but right now for some reason its not working as it should be.
I'll attach configuration screenshots that might help.
Thanks for the help!