If you are using the following deployment method and configuration, clients receive a browser error if their first request is HTTPS and their session is not authenticated to WSS before the first connection attempt.
Here is some sample verbiage of error pages from different web browsers:
Internet Explorer: This page can't be displayed. Turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to https://www.example.com again.
Chrome: This site can't be reached. www.example.com unexpectedly closed the connection.
Firefox: Secure Connection Failed. The connection to www.example.com was interrupted while the page was loading.
This is the expected behavior for current WSS solution.
Browser error on IPsec VPN if the first request is HTTPS (SSL enabled/disabled)
Contact your Symantec Sales Engineer to request a Feature Request.
Request users browse an HTTP site to get authenticated first before browsing HTTPS site.