This is expected normal behavior.
When you use the Transparent SSL proxy, you can block every website/url you desire with the Web content filter blacklist.
From the technical point of view, nDPI inspects traffic that goes through the firewall, but a transparent proxy terminates the client connection to the firewall itself, not letting it through and creates a new connection from the firewall to the requested web server (i.e., there are two connections both with the firewall as source or destination, not a single connection traversing the firewall).
We would probably need to document this carefully.