Our current setup with Exchange uses SMTP with STARTTLS. We have a requirement from the business to try and decrypt/inspect the traffic. I configured decryption policy the same way as we do for our SSL web servers, but it doesn't seem to be working. The firewall App-ID will identiry the traffic as SMTP, but the decrypted flag is not set in the logs and pcap don't work since the firewall doesn't allow decrypted packets to be captured anyway.
Has anyone been able to get decryption with SMTP/STARTTLS to work (or other protocols with STARTTLS)? Is this even supported by the firewall? I opened a ticket with support, but they have yet to give me a straight answer as to whether this is supported on the firewall.