I don’t know about the TLS v1.3 issue but I do know that traffic inspection adds a layer of complexity. Like many security technologies, it’s not the magic pill that vendors want you to believe it is, especially factoring in VPNs, remote access tools, and hotspot usage. Furthermore, it’s not just whether your NGFW can handle it but also whether you and your team can handle it. Do you have time? Do you have the expertise? Or, are you like most other shops, and you’re pulled in so many different directions that you won’t be able to give it the attention it deserves…? Stuff to think about.