Quite a broad question...mainly you're asking for 'best practices'.
You can only reduce performance by choosing proposals (phase1 and phase2) which are not hardware-accelerated. ATM AES256 is deemed secure, costs less performance than 3DES (ugh) and is run on the SP (ASIC), that is, accelerated.
I'd rather stay away from EC proposals.
Is IMHO mainly dependent on line stability. If the WAN line glitches, an IPsec tunnel has to renegotiate. (Which BTW reduces throughput as well.).
But you can plan for more stability in the network design. Use redundant tunnels and monitor connectivity with link-monitors. If set up correctly, this minimizes downtime. See to it that switching between tunnels is delayed (with hysteresis) to avoid flapping.
In FortiOS 5.6 and esp. 6.0 and 6.2 you can achieve all of this with the SD-WAN construct. Recommended.
And one last stability hint: do not use the latest, bleeding-edge firmware version. You never do. v6.0.6 is stable and secure.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.