The big difference between FW/VPN and the two other roles, IPS and L2FW, is that the first is a routing device operating on layer 3. It has IP addresses on its interfaces and sits on segment boundaries.
On the other hand, IPS and L2 firewall are L2 devices, meaning they are not routers, do not have IP addresses (except for management connectivity), and therefore do not constitute a segment border. Also, they do not support features such as VPN or NAT. L2 devices are invisible on the network; to communicating hosts they are as good as a section of UTP cable when everything is working correctly.
You can see from this difference how deployment of the different roles on a network is quite different.
"IDS monitoring" refers to capture interfaces on IDS devices. This is a configuration where a switch is configured to copy all or a part of the traffic on a segment to a mirror port, which is connected to the IPS. The IPS will be able to inspect the traffic and raise alerts and blacklists, though it cannot terminate the original connection, since only a copy is seen on the device. You can configure this in SMC by creating "capture interface" type physical interfaces in an engine.
Thank you for your comment.
L2FW can create the capture interface in SMC, I think. So L2FW can also have "IDS monitoring" feature, right?