I have a /29 assigned to me from my provider and that is connected to my router. I am looking to set up a VM with Suricata and connect it inline with my /29 and my router. That way I can secure everything coming in and out of my network. I already have a router; I don't want to replace it, just have Suricata monitor and/or block traffic before it reaches my router.
I am thinking of creating a CentOS 8 VM with 4 vCPUs, 8GB of memory, 500GB HDD, and two NICs, one for management and the other in promiscuous mode. Then configure the VM to mirror all traffic from the WAN interface of the router.
Would this be the recommended setup or is there a better way of doing this?