One can make an argument either way in certain use cases. but the generally accepted practice is to put an IDS/IPS after the firewall (from the point of view of incoming traffic - i.e. closer to the interior or private network).
Firewalls are generally designed to be on the network perimeter and can handle dropping a lot of the non-legitimate traffic (attacks, scans etc.) very quickly at theingress interface, often in hardware.
An IDS/IPS is, generally speaking,doing more deep packet inspections and that is a much more computationally expensive undertaking. For that reason, we prefer to filter what gets to it with the firewall line of defense before engaging the IDS/IPS to analyze the trafficflow.
In an even more protected environment, we would also put a first line of defense in ACLs on an edge router between the firewall and the public network(s).
