for 1: No. Do you have any details about the URLs which are called so I can have a look?
for 2: For the Known CAs in the Web Gateway there are also lists which contains all the CRL and OCSP responder URLs. You can make a rule that allows access if a URL from these lists is queried. There is not an existing rule set, but the rule would be like
URL is in list <Known CRL URLs> OR URL is in list <Known OCSP URLs>
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.