OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: SuperMiguel on November 16, 2021, 02:48:53 PM

Title: Suricata and Sensei
Post by: SuperMiguel on November 16, 2021, 02:48:53 PM
I'm currently only using Sensei on my LAN side. The only open port I have on the WAN side is for WireGuard. Does it make sense to run Suricata on the WAN side?

Title: Re: Suricata and Sensei
Post by: FullyBorked on November 16, 2021, 02:57:35 PM
I run my firewall this way, I have a lot of hardware to spare so it doesn't affect my performance noticeably. I only have OpenVPN exposed currently, but I do host game servers in my DMZ from time to time, so it was a necessity for me. Remember any open port is an attack vector. So you'll need to decide if you have hardware that can handle the added load of Suricata and Sensei without affecting performance. If you can implement it without hurting performance, and have the time to set it up and tune it, I'd say go for it. Security is about layering solutions so it would always be a positive improvement on the security front.