Looks like you have 4 Firewall Worker cores who are having to compete with SND/IRQ processing for the same cores. Your RX-DRP rate is well below 0.1% on all interfaces which is good, although your eth4 and eth5 interfaces are attempting flow control with the switch which indicates they are getting close to overruns in the NICs although it doesn't look like any have actually occurred. Please post the following:
sar -P ALL (wait until after your firewall's busiest period has passed earlier in the day before running this)
fwaccel stats -s
When you say performance is unacceptable, during that period is it due to packet loss (doesn't look likely based on what you posted) or excessive packet latency? (more likely) Run a ping through the firewall when performance is degraded to see if it is latency or loss.
One thing that is a bit unusual is the nonzero tx_restart_queue counters, this generally indicates that the TX ring buffer is full which is fairly rare. Most problems I've seen are on the RX side. My guess is that you have very high CPU utilization on your 4 cores and may need to consider unlocking more cores with a larger license; the sar output will show us that. SecureXL tuning may help get that high CPU utilization down.
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.