Hello James,
A 'show interface all' from CLI will show you the current, negotiated speed/duplex settings on the PAN. Could we also verify that all appears well on the switch uplinks as well (speed/duplex, errors, resets, etc...). Both the FW & the switch will either need to be configured as Auto/Auto or hardcoded as well, otherwise potential duplex mis-matches could occur. (Both ends of the Vwire should be negotiating at the same speed)
Have you attempted a baseline speed test for comparison prior to implementing any type of security profiles?
Running the following command from CLI will also give you an idea of CPU load, etc... associated with the Dataplane during various intervals: show running resource-monitor
Assuming heavy load as well as potentially high dataplane resource utilization, If possible (preferably during a maintenance window & confirming that interface/switchport issues were not the culprit), can you please apply the following change to your Vwire security policies?
Select 'Options' at the far right of the policy & check the option for 'Disable Server Response Inspection'. Commit & attempt your download tests. (Though you could probably give this option a test regardless & compare performance)
Description below:
Disable Server Response Inspection:
To disable packet inspection from the server to the client, select this check box. This option may be useful under heavy server load conditions.
Regards,
Bryan
