@ezvink said in can snort/suricata secure clients using VM?:
@steveits
That's what I want to ask sir, right, the network used by VM Attacker is the same network as the VM Client, but it doesn't work, sir, to attack the client, it is not detected by snort/suricata
Two hosts on the same network (meaning the same subnet and/or VLAN) will communicate with each other directly point-to-point. They will NOT send their traffic through any gateway or firewall on a third host. So the pfSense machine in the scenario you described will never "see" the traffic between those two hosts (your VM Attacker and VM Client) and therefore cannot generate alerts. pfSense and any IDS/IPS running on it is blind to the traffic.
The only time hosts will send traffic through a gateway or firewall is when the destination of the traffic is on a completely different network.
In your other posts here, you seem to lack basic knowledge of networking and the set up of Hypervisors. Before you try experiments with an IDS/IPS, you should first really study and learn fundamental networking theory. Even a cursory knowledge of how routing works in the OSI model would have allowed you to immediately see why your current setup will not work.