Delayed Policy effectiveness

after we enable SSL inspection more widely, an application had an issue.
So I checked the logs and created an URL category for bypassing authentication and ssl inspection.

After activation I checked the weblogs and I saw, that URLs from my new category were still “corporate marketing” and SSL Inspected. Other URLs from the same category were mapped to the new category and not ssl inspected.

I put the SSL bypass rule as rule Nr.1.

Is it possible that the polices are not immediately enforced after activation?
My other theory is, that it was an issue due to “retain parent category”, which was automatically applied when I added URLs that I did not clean up in other categories first.

After 15-30 minutes, all URLs were properly bypassed.

Has anyone seen such a behaviour?

Best regards