Internet slow / Download slow / Browsing not fully working behind the Cisco ASA 5506

Haider Malik

Hello. We have an issue behind the newly deployed Cisco ASA 5506.

I have noticed the traceroute is timing out for the firewall:

C:\Users\Administrator.ESCAPE>tracert 4.2.2.2

Tracing route to b.resolvers.level3.net [4.2.2.2]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * 10 ms 7 ms tenge-3-3.rtr01.net.cablecomm.ie [92.61.192.149]
3 11 ms 9 ms 11 ms te0-0-2-1.217.nr11.b020478-0.dub02.atlas.cogentco.com [149.11.36.81]
4 9 ms * 11 ms be2041.rcr21.dub02.atlas.cogentco.com [154.25.1.149]
5 11 ms 15 ms 17 ms be2530.rcr21.dub01.atlas.cogentco.com [130.117.2.229]
6 19 ms 19 ms 19 ms be2526.ccr41.lon13.atlas.cogentco.com [154.54.39.13]
7 21 ms 19 ms 21 ms be2870.ccr22.lon01.atlas.cogentco.com [154.54.58.174]
8 * 1812 ms 1384 ms lag-3.ear2.london2.level3.net [4.68.72.185]
9 481 ms 105 ms 64 ms ae-120-3506.edge4.london1.level3.net [4.69.166.5]
10 21 ms 19 ms 19 ms b.resolvers.level3.net [4.2.2.2]

Trace complete.

- Download is slow as well - 

If we remove the firewall, we have no issue with the internet; everything is good.

We have tried all browsers / systems and have the same issue.

Please see screenshots attached.

When you ping 4.2.2.2 repeat 1000, do you see any drops? I worked on a similar issue where we had to put outside interface settings to auto-negotiate.

Thank you, Ashish.

I have attached the report for latency and packet loss; there is some.

Download is very slow, as you can see, with the firewall.

Haider,

Can you check for CRC errors on the physical interface:

show interface | in crc

Also send me the output of show run all sysopt

Ashish

Thanks.

When I ran this CRC command there was nothing.

ciscoasa# sh interface | in crc
ciscoasa#

Here is sysopt:

ciscoasa# sh run all sysopt
no sysopt traffic detailed-statistics
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp outside
no sysopt noproxyarp inside
ciscoasa#

Also there are no errors or discards. I am monitoring this in the system; screenshot attached as well.

Thank you.

Sorry, provide me the output of "sh interface | in CRC".

Thank you. Here you go:

ciscoasa# sh int
ciscoasa# sh interface | in CRC
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
ciscoasa#

Can you also send the output of "show run interface"? Please remove IP addresses from the output.

Ashish

ciscoasa# sh run interface
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
ciscoasa#

ciscoasa# sh interface ip brief
Interface IP-Address OK? Method Status Protocol
Virtual0 127.1.0.1 YES unset up up
GigabitEthernet1/1 xx.xx.xx.xx YES DHCP up up
GigabitEthernet1/2 192.168.1.1 YES CONFIG up up
GigabitEthernet1/3 unassigned YES unset administratively down down
GigabitEthernet1/4 unassigned YES unset administratively down down
GigabitEthernet1/5 unassigned YES unset administratively down down
GigabitEthernet1/6 unassigned YES unset administratively down down
GigabitEthernet1/7 unassigned YES unset administratively down down
GigabitEthernet1/8 unassigned YES unset administratively down down
Internal-Control1/1 127.0.1.1 YES unset up up
Internal-Data1/1 unassigned YES unset up down
Internal-Data1/2 unassigned YES unset up up
Internal-Data1/3 unassigned YES unset up up
Management1/1 unassigned YES unset down down

Haider,

Can you confirm which IOS you are running on the ASA? You could be hitting this bug: CSCus62863.

Ashish

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)

Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"

ciscoasa up 23 days 11 hours

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8192MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is cc16.7e36.53b4, irq 255
2: Ext: GigabitEthernet1/2 : address is cc16.7e36.53b5, irq 255
3: Ext: GigabitEthernet1/3 : address is cc16.7e36.53b6, irq 255
4: Ext: GigabitEthernet1/4 : address is cc16.7e36.53b7, irq 255
5: Ext: GigabitEthernet1/5 : address is cc16.7e36.53b8, irq 255
6: Ext: GigabitEthernet1/6 : address is cc16.7e36.53b9, irq 255
7: Ext: GigabitEthernet1/7 : address is cc16.7e36.53ba, irq 255
8: Ext: GigabitEthernet1/8 : address is cc16.7e36.53bb, irq 255
9: Int: Internal-Data1/1 : address is cc16.7e36.53b3, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0

Looks like you are not hitting the above bug. Can you check in the output of show interface whether the inside or outside interface shows as half-duplex?

ciscoasa# sh interface inside
Interface GigabitEthernet1/2 "inside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address cc16.7e36.53b5, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
64225063 packets input, 11292638564 bytes, 0 no buffer
Received 7251142 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
91128975 packets output, 42030490961 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 12 output reset drops
input queue (blocks free curr/low): hardware (927/798)
output queue (blocks free curr/low): hardware (1022/605)
Traffic Statistics for "inside":
64157148 packets input, 10035381870 bytes
91128975 packets output, 40347367481 bytes
6932374 packets dropped
1 minute input rate 18 pkts/sec, 1888 bytes/sec
1 minute output rate 15 pkts/sec, 3741 bytes/sec
1 minute drop rate, 4 pkts/sec
5 minute input rate 19 pkts/sec, 3010 bytes/sec
5 minute output rate 17 pkts/sec, 4240 bytes/sec
5 minute drop rate, 4 pkts/sec
ciscoasa#

ciscoasa# sh interface outside
Interface GigabitEthernet1/1 "outside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address cc16.7e36.53b4, MTU 1500
IP address xxxxxxxxx, subnet mask xxxxxxxxx
143631677 packets input, 37227485198 bytes, 0 no buffer
Received 93384973 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
49746821 packets output, 9911100372 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 6 output reset drops
input queue (blocks free curr/low): hardware (948/807)
output queue (blocks free curr/low): hardware (1023/905)
Traffic Statistics for "outside":
143631502 packets input, 34612056504 bytes
49746821 packets output, 8935063693 bytes
1340593 packets dropped
1 minute input rate 46 pkts/sec, 2760 bytes/sec
1 minute output rate 11 pkts/sec, 2904 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 56 pkts/sec, 3036 bytes/sec
5 minute output rate 7 pkts/sec, 1978 bytes/sec
5 minute drop rate, 0 pkts/sec

The inside interface shows it's only 100 Mbps. What configuration do you have on the inside switch port? Can you test it with 1000 Mbps full duplex?
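
The check made by eye in the reply above (negotiated speed against the port's rated bandwidth, duplex, error counters), as an added example that is not part of the original thread. `triage_interface` is a hypothetical helper, and the sample is constructed by abridging the `sh interface inside` output posted earlier; the drop percentage is only a rough indicator, since that counter also includes packets denied by policy.

```python
import re

# Constructed sample, abridged from the "sh interface inside" output in this thread.
SAMPLE = """\
Interface GigabitEthernet1/2 "inside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
Traffic Statistics for "inside":
64157148 packets input, 10035381870 bytes
91128975 packets output, 40347367481 bytes
6932374 packets dropped
"""

def _num(pattern, text):
    """Return the first integer captured by pattern, or 0 if absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else 0

def triage_interface(text):
    """Hypothetical helper: summarize one ASA 'show interface' block."""
    name = re.search(r'^Interface (\S+) "([^"]*)"', text, re.M)
    duplex = re.search(r"Duplex\((\w+)-duplex\)", text)
    # Counters after this marker are the logical (nameif) statistics.
    stats = text.split("Traffic Statistics", 1)[-1]
    info = {
        "port": name.group(1) if name else None,
        "nameif": name.group(2) if name else None,
        "bw_mbps": _num(r"BW (\d+) Mbps", text),
        "speed_mbps": _num(r"Speed\((\d+) Mbps\)", text),
        "duplex": duplex.group(1).lower() if duplex else None,
        "link_errors": _num(r"(\d+) CRC", text) + _num(r"(\d+) collisions", text),
        "pkts_in": _num(r"(\d+) packets input", stats),
        "dropped": _num(r"(\d+) packets dropped", stats),
    }
    info["drop_pct"] = 100.0 * info["dropped"] / info["pkts_in"] if info["pkts_in"] else 0.0
    findings = []
    if 0 < info["speed_mbps"] < info["bw_mbps"]:
        findings.append("speed_below_bw")   # e.g. 100 Mbps on a 1000 Mbps port
    if info["duplex"] == "half":
        findings.append("half_duplex")
    if info["link_errors"]:
        findings.append("link_errors")      # CRC or collisions hint at layer 1/2
    info["findings"] = findings
    return info

if __name__ == "__main__":
    print(triage_interface(SAMPLE))
```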

The switch has no issues; we have checked this as well. We used to have a SonicWall and had no such issues. We recently replaced it with the latest Cisco ASA 5506 FP, but we are facing issues: downloading is very slow.

We tested different systems and it's the same effect on all the systems behind the FW.

Without the firewall the download is just very quick, with no issues.

We are also checking what it could be.

Replaced the cables 

Replaced the switch ports 

We are also monitoring the interface utilization very closely to check if there is any resource congestion, but there is nothing at all.

Interfaces never went above 5 ~ 6 MB.

Also, we have an alert if there is any change in the interface or if there is any single error / discard on any of the interfaces.

We have also configured syslogs / traps to monitor the traffic through.

We also have NetFlow enabled and are monitoring closely who is using what, but this time, even when we have a single PC hooked up to the FW, we still have the download speed issue. That's our major challenge: to fix the download speed issue.

If not, this FW will be going back to the vendor (we have a 1-year warranty on it) and we will replace it with the SonicWall.

I don't like it, but the customer is not happy with this at all and they need this to be fixed ASAP; we have spent money and time on this and have no improvement.

Thank you very much for your help and for checking all the things with us. We are still working on this to see if there is anything we can do to restore the download speed.

We used to have a Cisco 5505 as well and had no issue; unfortunately that FW died due to some hardware failure at the customer site.
