How to deploy Suricata at Internet Link using a VM

Hello folks
I am new to this platform and trying to learn how to deploy Suricata to monitor network traffic as it comes and goes out through the Fortigate firewall.

My scenario is as follows.

  1. Most of my servers are VMs running on Huawei Virtualization platform Machines; this also includes the system that I am going to deploy Suricata on, it's also a VM.

  2. I have most of my VM servers sitting on 2 different subnets. For example, let's say another group is on the 196.2.3.X and 172.2.3.x ranges.

  3. My Fortigate firewall being on other range internally, e.g.

  4. All traffic or logs from Suricata would be sent to ELK stack using either elastic-agent or Filebeat.

Where do I place my Suricata sensor and how can I configure the VM to capture traffic for all incoming and outgoing traffic in this scenario?

Please note also, should I get this correctly, I would like to expand Suricata to monitor traffic between endpoints and servers as well.
Your advice would be highly appreciated and would help a lot.

This depends mostly on your virtual environment. You would have to use the features of that to forward traffic from those VMs to the VM that runs Suricata.
This is not related to the subnets; ideally this is pure traffic mirroring on the virtual switch, forwarded to the VM, and there you use an interface as the capture interface.
Ideally Huawei provides documentation about traffic forwarding in the product.
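
Once mirroring is configured, one way to confirm the sensor actually sees both subnets in both directions is to summarise Suricata's EVE `flow` events per monitored range. This is an added example, not part of the reply above; it assumes the two ranges from the question are /24 networks, and the sample records are constructed.

```python
import ipaddress
import json

# Assumption: the two server ranges from the question are /24 networks.
MONITORED = [ipaddress.ip_network("196.2.3.0/24"),
             ipaddress.ip_network("172.2.3.0/24")]

# Constructed sample EVE records (not real traffic).
SAMPLE_EVE = """\
{"event_type":"flow","src_ip":"196.2.3.10","dest_ip":"8.8.8.8","flow":{"pkts_toserver":12,"pkts_toclient":11}}
{"event_type":"flow","src_ip":"203.0.113.7","dest_ip":"196.2.3.20","flow":{"pkts_toserver":5,"pkts_toclient":6}}
{"event_type":"flow","src_ip":"172.2.3.15","dest_ip":"198.51.100.9","flow":{"pkts_toserver":9,"pkts_toclient":0}}
{"event_type":"dns","src_ip":"172.2.3.15","dest_ip":"8.8.8.8"}
not-json line from a truncated write
"""

def mirror_coverage(lines, networks=MONITORED):
    """Count flows and packets leaving/entering each monitored network."""
    stats = {str(n): {"flows": 0, "egress": 0, "ingress": 0} for n in networks}
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "flow":
                continue
            src = ipaddress.ip_address(ev["src_ip"])
            dst = ipaddress.ip_address(ev["dest_ip"])
            to_srv = ev["flow"]["pkts_toserver"]
            to_cli = ev["flow"]["pkts_toclient"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip truncated or malformed records
        for net in networks:
            s = stats[str(net)]
            if src in net or dst in net:
                s["flows"] += 1
            if src in net:   # monitored host is the client
                s["egress"] += to_srv
                s["ingress"] += to_cli
            if dst in net:   # monitored host is the server
                s["ingress"] += to_srv
                s["egress"] += to_cli
    return stats

def verdict(s):
    """Classify one network's counters from mirror_coverage()."""
    if s["flows"] == 0:
        return "no traffic seen"
    if s["egress"] == 0 or s["ingress"] == 0:
        return "one direction only"
    return "both directions seen"

if __name__ == "__main__":
    for net, s in mirror_coverage(SAMPLE_EVE.splitlines()).items():
        print(net, s, "->", verdict(s))
```

On a live sensor, pass the lines of the EVE JSON log instead of `SAMPLE_EVE`; a range stuck at "one direction only" over a long window usually means the mirror session copies only ingress or only egress.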