I don't know if I fully understand the question or the two-datacentre requirement.
My question here is: will link aggregation (binding two physical ports in a virtual IP address on the firewall) help in failover configuration?
Sure, it would help provide redundancy on that network, but the NSP IPS sensors won't really care. Each one will inspect the traffic which passes through its inline port pair. HA on the NSP sensors works by forwarding all inspected packets and alert data to the peer NSP device via the HA cable. So each NSP sensor is aware of all scanned traffic on both links. If one link fails, the VIP will be broadcast on the single active firewall interface, and IPS inspection will continue to occur on that link.
Does it mean that data will be monitored from both devices before it will be allowed to pass to core switch? Will the failover IPS connected in HA not just act as a secondary that will keep a record of all the sessions of the primary? Please can you help me with this point, as this is really confusing. The main thing in question is whether link aggregation is helpful if I need only one IPS as active and the other should be configured just for HA and should not be active to monitor the data.
Does it mean that data will be monitored from both devices before it will be allowed to pass to core switch?
Yes, kind of. Traffic will be monitored as it flows inbound/outbound through the FW to core switch. If a packet flows over path #1, it will be monitored by IPS #1. Over path #2, then monitored by IPS #2. These IPS sensors are set up as a FO Pair -- therefore IPS #1 will share all events with IPS #2 and vice versa. Whichever IPS detects the alert, it will be the one responsible for forwarding to NSM.
Will the failover IPS connected in HA not just act as a secondary that will keep a record of all the sessions of the primary?
Correct, it will act as more than just a secondary IPS monitoring the sessions and health of the primary. It will function as a fully operational IPS sensor, capable of monitoring, alerting, and blocking on any detected events.
Regarding whether or not link aggregation is helpful, etc., I guess that's really for you or your network engineers to decide, based on your network and business requirements.