My understanding is that it can decode all HTTPS traffic because it acts as a Man-in-the-Middle. Traffic from the client to the Fidelis device is encrypted with a Fidelis certificate. Its decrypted at the device, encrypted again with the actual certificate and sent to the destination. If it couldn't do this, I think it would be impossible to distinguish benign traffic from malicious traffic.