Skip to main content
HT_JDC
HT_JDC
New Member
November 12, 2025
Question

Adaptive Forward Error Correction

  • November 12, 2025
  • 3 replies
  • 2185 views

Hello Experts,

 

Confirmation for "Adaptive Forward Error Correction (FEC)".

https://docs.fortinet.com/document/fortigate/7.6.4/administration-guide/169010/adaptive-forward-error-correction?utm_source=chatgpt.com

 

Is Adaptive FEC only applied to the existing "virtual-wan-link" SD-WAN zone?

I tried it for my created/custom zone which belongs to IPsec tunnel members,

however, it does not seem to work.

FEC counter is not increased at "diag vpn tunnel fec VPN-NAME".

 

If any, I would like to know the official KB ID and/or the reference.

Any comments are appreciated.

 

Best regards,

 

 

3 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
November 18, 2025

Hello HT_JDC, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
November 19, 2025

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
November 19, 2025

Hello again HT_JDC,

 

I found this solution. Can you tell us if it helps, please?

Adaptive Forward Error Correction (FEC) is designed to work within the SD-WAN framework, specifically with the "virtual-wan-link" SD-WAN zone. If you are attempting to apply Adaptive FEC to a custom zone that includes IPsec tunnel members and it is not functioning as expected, it may be due to the configuration not aligning with the supported SD-WAN setup.

To troubleshoot this issue, ensure that:

  1. The IPsec tunnel is part of the "virtual-wan-link" SD-WAN zone.
  2. The FEC profile is correctly configured and applied to the appropriate traffic streams.
  3. The SD-WAN health checks and SLA metrics are properly set up to trigger FEC adjustments.

Unfortunately, I do not have a specific KB ID or reference for this issue. If the problem persists, consider reaching out to Fortinet support for further assistance.

Jean-Philippe - Fortinet Community Team
HT_JDC
HT_JDCAuthor
New Member
November 20, 2025

Dear Jean-Philippe,

 

Thanks for you answer.

I checked both egress and ingress in IPsec configuration.

However, it seems that FEC counter is not increased, seeing result of "diag vpn tunnel fec VPN-NAME". 

 

Performance SLA is configured and  "Best quality" strategy is selected with the SLA.

 

You said:

 

  • The FEC profile is correctly configured and applied to the appropriate traffic streams.
  • The SD-WAN health checks and SLA metrics are properly set up to trigger FEC adjustments.

 

Can you tell me exactly what needs to be configured to activate Adaptive FEC?

 

Any comments are appreciated.

 

Best regards,

 

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
November 20, 2025

Hello again HT_JDC,

 

I found this answer for you: 

 

To activate Adaptive Forward Error Correction (FEC) in your IPsec configuration, ensure the following steps are completed:

  1. SD-WAN Zone Configuration: Ensure the IPsec tunnel is part of the "virtual-wan-link" SD-WAN zone.

  2. FEC Profile Configuration:

    • Configure the FEC profile with appropriate base and redundant packet settings.
    • Example:

    • config vpn ipsec phase1-interface edit <Tunnel-Intf> set fec-egress enable set fec-ingress enable set fec-health-check "Performance_SLA" set fec-mapping-profile "FEC-Profile" set fec-redundant 1 set fec-base 10 next end

  3. Performance SLA Configuration:

    • Ensure a Performance SLA is configured and associated with the SD-WAN zone.
    • The SLA should monitor metrics like packet loss, latency, and jitter.

  4. SD-WAN Strategy: Select the "Best Quality" strategy to ensure traffic is routed based on the best available link quality.

  5. Traffic Policy: Ensure that the traffic sensitive to packet loss is identified and a dedicated firewall policy is in place where FEC is enabled.

  6. Verification: Use the command diagnose vpn tunnel fec <Tunnel_Intf> to verify FEC status and counters.

If all configurations are correct and the FEC counters are still not increasing, verify that the network conditions meet the thresholds set for FEC activation, such as packet loss exceeding the configured threshold. If issues persist, further investigation may be needed to ensure all configurations are correctly applied.

Jean-Philippe - Fortinet Community Team
Terms & ConditionsAccessibility statement