It is possible to integrate Suricata Intrusion Prevention System (IPS) into the Proxmox firewall. Suricata is an excellent high-performing IPS and Network Security Monitoring engine. Suricata is a multithreaded IPS which allows load balancing on all the available processors of a system that Suricata is operating on.
Note
For more details, please visit the official Suricata site at http://suricata-ids.org.
Suricata needs to be installed and configured through a CLI only. Log in to the Proxmox node through SSH or a console. This needs to be done individually on all Proxmox nodes that require this feature.
Before installing Suricata, ensure that the Proxmox node is up to date using the following commands:
# apt-get update # apt-get dist-upgrade
Install Suricata using the following command:
# apt-get install suricata
Enable Suricata for a VM by opening the firewall configuration of the VM in
/etc/pve/firewall/<vm_id>.fw
and add the following...