(I bet a SonicWall's performance sucks if too many of its features are turned on at the same time - I have a personal loathing for those boxes, as they always seem to be administered by people who haven't got a clue about networking, their configurations make a mathematician's blackboard look simple and easy-to-read, they break more than just a few services, especially VoIP, and they're way overpriced with their licensing.)
That's funny, what's that whole "Firewall" section for then, and why does the factory preconfiguration on most of the desktop models come configured as a firewall?
There's firewalls, and then there's firewalls (to use a southern slang saying - meaning that they're not all created equal).
In RouterOS, there's packet filtering based on all kinds of state / header information. It's pretty robust, actually, but it's mostly limited to headers and states. There ARE layer7 modules in the firewall rule matchers, but alas, doing deep payload inspection and trending based on packet patterns is a much more expensive (CPU-wise) function, and this is where ROS tends to fall behind devices which are much more purpose-built.
Even Cisco made separate IDS/IPS modules for the ISR line.... because this is one of those heavyweight activities.
If you look in one of these IDS boxes, they almost never have much useful functionality in the networking arena - dynamic routing, MPLS, etc - it's just different.
I think an inline IDS that detects threats and uses "port knock" packets or an API connection into the Mikrotik to signal blocking rules would make a dynamite combo.
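Added example, not part of the original thread: a sketch of the "IDS signals blocking rules" split described in the last post, turning IDS alerts into RouterOS address-list commands. It assumes the IDS writes Suricata-style EVE JSON; the list name `ids-block`, the never-block networks and the sample events are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in Suricata EVE JSON form (one event per line); not real traffic.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"severity":1,"signature_id":2000001}}
{"event_type":"alert","src_ip":"203.0.113.7","alert":{"severity":1,"signature_id":2000002}}
{"event_type":"alert","src_ip":"192.168.88.10","alert":{"severity":1,"signature_id":2000001}}
{"event_type":"alert","src_ip":"198.51.100.9","alert":{"severity":3,"signature_id":2000003}}
{"event_type":"alert","src_ip":"2001:db8::5","alert":{"severity":2,"signature_id":2000004}}
{"event_type":"flow","src_ip":"203.0.113.50"}
not json at all
"""

# Assumed names: the address list and the networks that must never be blocked.
LIST_NAME = "ids-block"
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.168.88.0/24", "10.0.0.0/8")]

def eve_to_routeros(eve_text, max_severity=2, timeout="1h"):
    """Return RouterOS commands that add alerting sources to an address list."""
    seen, commands = set(), []
    for line in eve_text.splitlines():
        try:
            event = json.loads(line)
            if event.get("event_type") != "alert":
                continue
            addr = ipaddress.ip_address(event["src_ip"])   # rejects anything that is not an IP
            severity = int(event["alert"]["severity"])     # Suricata: 1 is most severe
            sid = int(event["alert"]["signature_id"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or incomplete event: skip, never pass raw text to the router
        if severity > max_severity or addr in seen:
            continue
        if any(addr in net for net in NEVER_BLOCK):
            continue  # source addresses can be spoofed; do not lock out own networks
        seen.add(addr)
        menu = "/ip" if addr.version == 4 else "/ipv6"
        commands.append(f"{menu} firewall address-list add list={LIST_NAME} "
                        f"address={addr} timeout={timeout} comment=\"sid-{sid}\"")
    return commands

if __name__ == "__main__":
    print("\n".join(eve_to_routeros(SAMPLE_EVE)))
```

The commands only populate the list; a firewall rule on the router matching `src-address-list=ids-block` does the actual dropping, so the expensive inspection stays on the IDS and the router only does header matching.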