What in Azure Front Door could be the cause of random socket exceptions?

Background: I own an API that handles roughly 400,000+ calls a day, primarily from internal clients that I also own. Over a week ago I switched the traffic flow from using Azure Traffic Manager and Azure Application Gateway to instead flow thru Azure Front Door Premium. The WAF rules are aligned with those configured in the Application Gateway and set to detection mode. AFD is configured with custom domains and AFD managed certificates.

During that week the clients experienced approximately 50 to 100 socket exceptions a day. The error: An existing connection was forcibly closed by the remote host.
The exceptions mainly occurred during peak consumption times. Prior to using Azure Front Door these exceptions did not occur. During the Azure Front Door outage yesterday I switched traffic back to its ‘old’ path and magically there are no socket exceptions.

I have seen reference to TLS mismatching being the cause but that would not explain the random. API and clients are running .net core 6. What else can it be and how do I sort this out?