Hi,
It would be good to apply internet to inside as the connections from inside to outside & inside
to WAN are classified from source addresses. From the internet, the threats are generally higher
as vulnerabilities in your internal network is unknown, it could be subject to reconissance attacks etc..
Running a firewall as well as IPS cuts down throughput as most firewalls check the packet for source/destination/port against an ACL and then forwards it to the IPS inspection engine. You might want to consider a dedicated IPS appliance.