Hard agree that HTTPS inspection on a firewall is bad news. It's extremely resource intense on the firewall, and stinks of "crunchy outside, squishy inside" security design to me. If your security design could also describe a delicious candy, you don't want to do that.
If you know what you need to have, then we can help you figure out if the MX might be a fit. If you just need an "NGFW" to check off the box, then I think you need to really think more about what exactly you need and why.
@NashThe thing is that as soon as the cost of Advance Security License is added it becomes too expensive for client and client started to compare with the SOPHOS XG Firewall which is cheaper and one time cost.