Forward firewall traffic

Hi everyone,

We set up a Suricata server on our network. I would like to know the best way to forward traffic from a cisco meraki to Suricata in IDS mode.

I appreciate any support.

According to the deployment method of meraki, there is no way to directly throw traffic to suricata, but you can use a mirror copy of the switch traffic to be sent to suricata for detection, which is a bypass deployment .You could look this pic:

Thank you very much for answering @waf_ruler!

One last question, is it possible to do this even if Suricata is configured in a VMware virtual environment? Is it possible to mirror the door?


if Suricata is configured in a VMware ,You should use the bridge mode to allocate the IP address of the same network segment as the physical machine, so that other machines on your intranet can access your virtual machine, so that the traffic of other machines on the intranet can be successfully transferred to your virtual machine suricata。

For example, your physical machine IP is, you installed a VM on this physical machine, your suricata installed in one of the virtual machine environments, the IP of the suricata virtual machine to bridge the chain to get a valid IP in IP, then you want to detect the traffic of, then the traffic of is transferred to suricata with the help of a proxy

Very good, it’s clear!

Thank you very much for the support

Meraki can be seen as a forward proxy server, for example, we access the company’s network resources at home, and then it (meraki) goes to the intranet to help us get it back according to the resources we want to request, so if we can debug the meraki terminal shell, we can directly install it with meraki.


At the beginning of next week we will work again on this demand. I’ll post something again as soon as we finish the activities.

Thank you again @waf_ruler.

Have a great weekend.

Good luck with a good practice and keep communicating~