FortiGate slow SSL VPN

1st December 2021 at 11:57am

At some point, SSL VPN on our FG cluster got really slow; we were never able to utilize the full available bandwidth (in fact, we were getting <10%). From inside the network everything was OK, but anything VPN-related, both SSL and IPsec, was literally crawling - like 4 Mbps with an SCP transfer (with speedtest.net giving 250 Mbps). CPU usage, memory, all such things weren't that high - 10-20% CPU at spikes, 30-40% memory steadily. Playing with MTU/MSS, TCP options like SACK and window size, and turning inspections on and off didn't give anything. What helped, though, was switching the cluster to "Active-Active" mode and enabling TCP load balancing (by default LB works only for UTM proxied sessions):

config system ha
    set mode a-a
    set load-balance-all enable
end

I guess we were creating too many sessions and the firewall started to stall at some point. And we didn't face a bottleneck in CPU or memory; plenty of them were idle. Maybe it's some hardcoded limitation, or idk. And when I offloaded part of the sessions to another node, it started to fly again.