HTTPS Inspection allows you to see all the traffic as if it was unencrypted, allowing you to do full threat prevention and content inspection.
Unfortunately, there are some situations where HTTPS Inspection does not work, namely:
- Certificate pinning
- Client certificate authentication
- Different ciphers used for TLS than are supported in HTTPS Inspection
- Where TLS 1.3 is required
Categorize HTTPS Sites will allow you to categorize HTTPS connections based on the certificate DN, which is sent in the clear.
It, however, does not currently support SNI, which many sites use, particularly anything with a wildcard certificate.
You also cannot see the full URI or any of the content (as we are not decrypting it), allowing for limited threat prevention capabilities.
There are several threads that discuss both of these topics in more detail.