Is HTTPS and SMTPS traffic inspected through SkyATP by default, or is there a special configuration required?
SSL proxy is needed for the encrypted traffic; below are the references:
Do I have to download the generated firewall self-signed certificate to the clients' PCs?
I think that if we didn't, the clients will get a security warning for the HTTPS pages, correct?
Yes, the PC should get the certificate warning if the root CA is not installed on the PC.