For what it's worth, my general rule on SSL inspection is 'if you have a legal requirement to use it, fine; otherwise, don't bother'. It's a lot of trouble to get set up properly; requires modification of devices outside the NG Firewall itself; and ultimately doesn't really provide much in the way of additional effect. For example, Web Filter is just fine without SSL Inspector. App Control does its own DPI without needing SSL Inspector at all. The only app that sees a significant benefit from SSL inspection is Virus Blocker, and you shouldn't be relying entirely on gateway-based virus protection in the first place.

There's another method of SSL decryption — deep packet inspection — that works in a completely different way, usually requires dedicated hardware, and is entirely outside the realm of NG Firewall's capabilities. In that case, sure: inspect away. The man-in-the-middle-style inspection NG Firewall performs has its share of limitations, and oftentimes the only solution is 'don't inspect that site'.