its is totally depend on your requirement why do you want to do .
DFW is certainly supported. However, it will create cyclic dependency and that is a key reason it is recommended to avoid for the management plane communication. If you have serious limitations with existing firewall devices, you can consider this approach. When more solutions are getting integrated, it will become a tedious job. IDS/IPS use is targeting workloads running on top of the hypervisor. You should rather follow the vSphere security guide to harden the vSphere platform.