Issue: ERR_CONNECTION_CLOSED Error When Accessing a website.

When attempting to access a website, an ERR_CONNECTION_CLOSED error is encountered despite the following configurations:

• The website category is allowed in FortiGuard and is added to the URL filter as an exempt site.
• Web Filter Category Override is enabled.
• Logs display both allow and deny messages intermittently.
• Debugging shows normal operations.
• Geographic Country Block is not enabled, and the country is allowed.

However, the website still fails to open with the ERR_CONNECTION_CLOSED error when accessed via a browser.

The issue comes as per the added ML-KEM post-quantum TLS key exchange support on browsers.

Resolution.

To resolve this issue, add the website to the SSL inspection bypass or exemption list. This action should allow the website to open normally.

Alternatively, switch firewall policies from using Flow-Based + Deep Inspection to one of the following options:

• Proxy-Based + Deep Inspection.
• Flow-based + Certificate Inspection.
• Proxy-based + Certification Inspection.

Procedure: Adding an FQDN to the SSL Inspection Bypass or Exemption List.

1. Navigate to the SSL inspection settings in the Fortinet device.
2. Locate the section for SSL inspection bypass or exemptions.
3. Add the Fully Qualified Domain Name (FQDN) of the website that is experiencing the ERR_CONNECTION_CLOSED error.
4. Save the configuration and apply the changes.

The website should now open without encountering the ERR_CONNECTION_CLOSED error.

Screenshots as below:

How to add FQDN in SSL inspection bypass or Exemption list:

Related article:

Technical Tip: Exempting applications from SSL Inspection