Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

ERR_CONNECTION_CLOSED error occur when Web Filter and Certificate Inspection are enabled

We are using Fortigate 601F in version 7.2.5 as an Explicit Proxy for internal users to access the internet. Web filtering profiles are used to control the internal user's web access.

In our network, there is an upstream proxy above the FortiGate proxy.

(Internal --> FortiGate Proxy --> Upstream Proxy --> External).

All the internet traffic (including the FortiGuard updates) needs to pass through the upstream proxy.

We have configured the proxy setting in the fortiguard. The web filter seems cab be updated via proxy. However, we encountered an issue related to internet access and blocking.

When we enable the Web Filter Profile with Certificate Inspection Profile, the banned websites (Gambling, Adult content) can be blocked by the related Web Filter Category. However, when end-users access some normal websites, such as Gmail, YouTube, etc., they cannot access these websites. It shows ERR_CONNECTION_CLOSED. In the Traffic Log, it showed that the website is being blocked by the UTM feature without a category.


If we use the Web Filter Profile with a "No-inspection" Profile, the internet access works fine. However, those banned websites in HTTPS cannot be blocked.


Are there any suggestions for it?


Thanks all


Dear remuswong,


I believe you are facing issue with webfilter profile.

Can you share the snapshot of the webfilter logs where it is showing block


If it is not blocking by category it can be block by static url filter

Also can you confirm if you are using application control on the firewall policy


Salon Raj Joshi

Dear Salon,


In the Web Filter profile, we have set all categories to "Allow"

We have enabled the Web Filter Profile and Certificate Inspection Profile in the Proxy Policy only.


It is very strange that no logs have been found in Web Filter logs in System Events




Have you tried to install Fortigate SSL certificate to local machines in trusted root certificate store?

Top Kudoed Authors