Forward firewall traffic

Diego_Santos · September 14, 2022, 2:34pm

Hi everyone,

We set up a Suricata server on our network. I would like to know the best way to forward traffic from a cisco meraki to Suricata in IDS mode.

I appreciate any support.

waf_ruler · September 17, 2022, 2:42pm

According to the deployment method of meraki, there is no way to directly throw traffic to suricata, but you can use a mirror copy of the switch traffic to be sent to suricata for detection, which is a bypass deployment .You could look this pic:https://meraki.cisco.com/wp-content/uploads/2021/12/ms-hero1.png
(根据meraki的部署方式，是没有办法直接把流量丢给suricata的，不过可以使用镜像一份交换机的流量来交给suricata检测，属于旁路部署)

Diego_Santos · September 17, 2022, 2:55pm

Thank you very much for answering @waf_ruler!

One last question, is it possible to do this even if Suricata is configured in a VMware virtual environment? Is it possible to mirror the door?

Thanks

waf_ruler · September 17, 2022, 3:01pm

if Suricata is configured in a VMware ,You should use the bridge mode to allocate the IP address of the same network segment as the physical machine, so that other machines on your intranet can access your virtual machine, so that the traffic of other machines on the intranet can be successfully transferred to your virtual machine suricata。

waf_ruler · September 17, 2022, 3:04pm

For example, your physical machine IP is 10.8.3.129, you installed a VM on this physical machine, your suricata installed in one of the virtual machine environments, the IP of the suricata virtual machine to bridge the chain to get a valid IP in IP 10.8.3.1/24, then you want to detect the traffic of 10.8.3.121, then the traffic of 10.8.3.121 is transferred to suricata with the help of a proxy

Diego_Santos · September 17, 2022, 3:15pm

Very good, it’s clear!

Thank you very much for the support

waf_ruler · September 17, 2022, 3:24pm

Meraki can be seen as a forward proxy server, for example, we access the company’s network resources at home, and then it (meraki) goes to the intranet to help us get it back according to the resources we want to request, so if we can debug the meraki terminal shell, we can directly install it with meraki.

Diego_Santos · September 17, 2022, 3:53pm

Perfect.

At the beginning of next week we will work again on this demand. I’ll post something again as soon as we finish the activities.

Thank you again @waf_ruler.

Have a great weekend.

waf_ruler · September 19, 2022, 8:40am

Good luck with a good practice and keep communicating～

Topic		Replies	Views
Suricata IPS mode on bridged interface Help ips	4	499	September 19, 2023
How to deploy suricata at Internet Link using a VM Help	1	311	July 31, 2023
Forward Inspected Traffic From Suricata To Other Virtual Instance (PolarProxy) Developers community , suricon , suricata	6	615	June 19, 2023
pfSense - Allow All Traffic From Host Help ips	2	1615	July 27, 2021
Architecture help Help ips , community , centos	2	1093	November 29, 2020

Forward firewall traffic

Related Topics