How can I undestand IDS work or not

max-packet-count is only used for gui sniffer capture feature, which may not be available if no harddisk is present. It generates pcap file that are stored in disk logs partition and output that can be downloaded from gui.

For the 'config firewall sniffer policy', max-packet-count isn't used or applicable.  For this feature, all packets are forwarded to ipsengine to simulate fortigate utm features like fortiview, application control statistics, security utm, logging, etc..  This is for previewing/demo fortigate features by just plugging a cable from the network.

Note this is different from another debug feature, 'diagnose sniffer packet', which also don't use the 'config firewall sniffer' or max-packet-count settings.  This is helpful debug command to verify fortigate is receiving network traffic in the first place during troubleshooting. Some related options for 'config firewall sniffer' feature is the sniffer buffer queue size which is 'config ips global --> socket-size' which specifies in MB the sniffer buffer size.  Also 'diagnose ips raw status' gives the sniffer L2 packets received, dropped due to full buffer, or skipped processing by ips due to full buffer.  Either checking this stats or looking at ips debug output should indicate any sniffer packet processing done.

Thank you so much for this. I was into this issue and tired to tinker around to check if its possible but couldnt get it done. Now that i have seen the way you did it, thanks guys with regards