Can you provide more info on this from sk134253?
"SegmentSmack could only be applied on a connection with protection that requires Active Steaming (SSL Inspection, Check Point Proxy, VoIP, Header Spoofing) and either this TCP connection is allowed to the internal network or local user is tricked to connect to a remote malicious server."
What does this mean? Are you saying there is a risk of a successful connection that will not be detected by SSL inspection? Can you please state what could happen with certainty?