IPS/IDS on S2SVPN
Can I add IPS/IDS functionality to S2SVPN? Does it mean that I would have to enable IDS/IPS on WAN interface? The point is that I would like to monitor the traffic which comes in via the IPSec tunnel. I understand that I can limit such traffic on firewall itself by allowing only access from remote network to specific LAN IP and port, but I just wonder if enabling IPS/IDS on S2SVPN (WAN interface ??) is possible and worth doing.