If you have a WAN interface on the FGT why do the IDS/IPS inspect at that point to catch only "internet" facing traffic? If the WAN port(s) are plumbed into the Cisco switch just span those to your port-mirror. The LAG you keep mentioning is not relevant.
# assume VLAN 50 is your ISP links terminated into a Cisco and the IDP is on port gi0/10
monitor session 10 source vlan 50
monitor session 10 destination interface gi0/10
You can also apply a filter with layer 3 access if you are looking at specific traffic
monitor session 10 filter ip access-group internet_traffic_tool_port
If you need to run IDS on internal, get a 2nd tool port on the IDS or a 2nd IDS and create a session just for that traffic and the VLANs related to your internal LANs.