The security protection of the Proxmox VE firewall can be further enhanced by configuring an intrusion detection and prevention system such as Suricata. It is a high-performance IDS/IPS engine that is able to protect a virtual machine by rejecting traffic that may be possible intrusions. Currently, Snort and Suricata are two open source mainstream IDS/IPS available, although there are a few others. One of the primary advantages of Suricata is that it is multithreaded, whereas Snort is single-threaded. Suricata is under rapid deployment and has gained popularity in a short amount of time.
By default, Suricata is not installed on a Proxmox node. It needs to be manually installed and configured. As of Proxmox VE 5.0, Suricata can only be used to protect a virtual machine and not any Proxmox host nodes.