
nse8_812 Exam - Question 61


You have configured a Site-to-Site IPsec VPN tunnel between a FortiGate and a third-party device but notice that one of the error counters on the tunnel interface keeps increasing.

Which two configuration options can resolve this problem? (Choose two.)

Correct Answer: BCD

Increasing error counters on the tunnel interface often indicate packet size mismatches or fragmentation. Adjusting the MTU (Maximum Transmission Unit) of the physical interface to which the IPsec tunnel is bound ensures that packets do not exceed the size limit of any physical interface, which may be what is causing the errors. Similarly, adjusting the MTU of the IPsec interface itself can help prevent packet fragmentation within the VPN tunnel, so that packets are transmitted efficiently and without errors. Forward Error Correction (FEC) and DF-bit honoring are less commonly used solutions for this specific type of issue.

Discussion

2 comments
4589956
May 29, 2024

Original question is with choose three option + missing here an additional answer

dspavvn
Options: AD
May 30, 2024

Not sure on the missing answer. A: FEC can help reconstruct the lost data. B: the DF bit enabled would make it so if the MTU of the packets were bigger than the physical interface MTU then it would drop, so this is better to be disabled. C: Adjusting the MTU of the physical interface affects all traffic through that interface. D: Adjusting the MTU of the IPsec would allow the encrypted payload to fit into the size of the interface's MTU, preventing the drop of packets.