Suricata as inline IPS running on VM from ESXi - Configuration

charles.huddleston · February 24, 2021, 4:15pm

Would like to hear from anyone that has experience configuring a Suricata IPS inline on a VM hosted on ESXi.

Trying to piece together the network side to ensure the VM is getting the packets from the other VM’s hosted on ESXi, as well as forwarding from a separate subnet of phyiscal machines.

Any feedback or guides would be awesome.

Thanks!

charles.huddleston · February 24, 2021, 7:44pm

Pretty easy once I found a good guide.

Set VM with 2 nics
Attach VM Network to 1st
Attach Span Network to 2nd

Portgroups:
VM Network - standard settings
Span Network - VLAN ID 4095 & Promisc mode

Test the configuration with a tcpdump -i xxx icmp and then roll our Suricata

zarandija · February 25, 2021, 6:39pm

Thanks.

Work for me. ESXi 6.7

Regards.

Topic		Replies	Views
Suricata on VirtualBox host Help ips , pfsense	6	2618	September 21, 2020
Architecture help Help ips , community , centos	2	1087	November 29, 2020
Ips suricata test	0	453	January 18, 2021
[new to Suricata] Where do I put my Suricata in my network? Help	1	1942	June 23, 2021
Suricata as IDS and IPS on transpararent mode Help	1	504	February 27, 2023

Suricata as inline IPS running on VM from ESXi - Configuration

Related Topics