So I'm going to be the bearer of bad news here. I work in a large school district that formerly used the Lightspeed product up until last year in the middle of the school year. In short we had MAJOR issues with the proxy and also major issues on the Windows computers and after spending months on months it was so bad and we were at the end of our contract, we dumped them in the middle of the school year it was that bad. That was an ugly month or two getting everyone switched over. We even had one issue with them 2-3 years ago, that Lightspeed's CEO got involved directly accusing Jamf of not deploying profiles properly and "magnanimously" offered to buy out our Jamf licensing for MDM so we could use there's. My back was against the wall because we were having major filtering issues. I had to actually reach out to @deanhager, the CEO of Jamf directly and his team along with our team were able to prove to Apple (rare they are the neutral party) that the bug was with Lightspeed's app.
I wouldn't recommend them to ANYONE and their problems only got worse when we moved from App/profile to PAC file because then the iPads worked, but there were Rocket issues that they said we needed to move to Relay to address (and of course pay more)!!
Now onto your specific issue because I may have light to shed on it. There actually is an Apple bug right now with the Global Proxy payload that started in iOS 13.5. Check out my post on this, I have a bug filed with Apple on an issue contained in this post. https://www.jamf.com/jamf-nation/discussions/36563/anyone-noticing-a-problem-with-global-proxy-payload-settings
If this issue is affecting you, I have my AppleCare Enterprise case on this subject if it helps.
We too have light speed relay in our district, deployed across Ios, chrome, windows, & MacOS. For quite a while, we we're dealing with the issues of drops on our Mac devices (& windows PCs too, to a lesser extent). All too often, we just had machines where pages at random would get blocked, almost seeming like the agent itself was crashing.
After alot of back and forth with tech support we earlier this year moved to a stable build of the agent, as well as identified issues with our blocks (mainly due to presumable "too many" or certain things that were moved into the "exclude from ssl inspection" setting. One of the support rep's finally just combed through it, & we managed to find the bag egg. Not sure if that might be worth coming through for your situation - adding / removing some and then seeing how you fare. I just know we have nothing set for SSL exlcusions for ur for jamf, or our instance, & seems to operate stability at the moment.
Id just also Ensuring you have the appropriate apple exclusions in your relay instance (which that info can be found among lightspeed support articles)
Lightspeed offers alot of promise, and has improved since its very rocky launch. Overall, I've been okay with the product when it works, & it's really a lifesaver since we all moved to full remote. It flawless on chromebooks, but between the headaches on other devices though stemming from the occasional breaks (wither due to an iOS bug/update or the agent) & just the limited means diagnostic abilities, has made it a less than desirable journey.
Hope this helps in some way; if you have a question or need to spitball ideas, feel free to reach out.