Synology's Firewall Increases the Security of a Synology NAS...but should you use it?

preview_player
Показать описание
Synology's Firewall in DSM limits traffic from devices attempting to connect TO a Synology NAS, but should you use it?

DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.

WunderTech is a trade name of WunderTech, LLC.

0:00 Intro
0:18 What is a Firewall?
0:40 How Synology's Firewall Works
1:44 How to Configure the Firewall in DSM
4:38 Creating Firewall Rules & Limiting Traffic
12:51 When should you use Synology's Firewall?
14:12 Final Thoughts
  1. WunderTech
Рекомендации по теме
How to secure 0:24:57

How to secure your Synology DSM

How to Secure 0:33:29

How to Secure Your Synology NAS from Vulnerabilities (2024 SETUP GUIDE #6)

Secure Synology DSM 0:10:32

Secure Synology DSM Settings - How to Secure a Synology NAS (Video 2)

Ransomware Protection: The 0:37:22

Ransomware Protection: The Complete Guide for Synology NAS

Settings EVERY Synology 0:18:50

Settings EVERY Synology NAS should have in 2024 - DSM 7.2

SECURITY — Synology 0:17:00

SECURITY — Synology 2022 AND BEYOND

How to Manage 0:09:40

How to Manage User Privileges on Your Synology NAS

Synology - Updating 0:03:06

Synology - Updating DSM

Synology Webinar 0:22:13

Synology Webinar Network Security Checklist for Storage Deployments

Ransomware Protection - 0:28:40

Ransomware Protection - DSM6.2 | Synology

COMPLETE Synology NAS 1:29:46

COMPLETE Synology NAS Setup Guide (Detailed for Beginners)

manually writing data 0:00:12

manually writing data to a HDD...kinda #shorts

Synology User Permissions 0:10:54

Synology User Permissions - How to Secure a Synology NAS (Video 1)

04 - Synology 0:42:08

04 - Synology Hardening & best practices (Synology Security)

Synology NAS Setup-Soup 0:24:44

Synology NAS Setup-Soup to Nuts!-Part 2 Securing the NAS-EP-201

Synology NAS, How 0:38:30

Synology NAS, How to Safely Access Your NAS Remotely Over the Internet (2024 SETUP GUIDE #7)

Firewalls: Why you 0:03:31

Firewalls: Why you need at least one at the office… and at home!

I HACKED my 0:09:43

I HACKED my Internet Service Provider's router. So I could get rid of it.

Backup, Your Last 0:51:12

Backup, Your Last Line Of Defence Against Ransomware

OPNSense: Protect Your 0:15:13

OPNSense: Protect Your Home LAN With a Transparent Filtering Bridge with Step by Step Instructions

QNAP NAS - 0:32:38

QNAP NAS - Making Your NAS as Secure As Possible

EXPOSE your home 0:09:28

EXPOSE your home network to the INTERNET!! (it's safe)

How to setup 0:08:26

How to setup a Synology NAS (DSM 6) - Part 20: Configuring and using Disk Station Manager Update

CONNECT — Synology 0:19:56

CONNECT — Synology 2022 AND BEYOND

Комментарии
Автор

This is exactly the kind of content I come to YouTube to see: Content that demystifies a complex topic and helps the viewer learn how to get started with a reasonable amount of detail to get started actually doing something useful with the knowledge. Kudos.

gearboxworks
Автор

Another great video, Frank 👍
I will say, that if you have gone to the trouble of setting up a NAS, that you want to access from WAN (and even if you don't), you most definitely should setup the firewall as well.
Also I think it's a good idea to configure specific LAN interfaces, especially if you only use one as most people probably do. Reason being if you accidentally lock yourself out with a rule, you don't have to reset network config, just simply switch interfaces (provided you haven't enabled 'deny access' in each interface ofc.).

blcjck
Автор

Thank you for this important video Frank. I think you just made a very standoffish topic a lot more reachable and feasable. This is huge!

TechMeOut
Автор

Fantastic video Frank. Your presentation is so clearly articulated as always. Love how the Synology firewalls are consistent across all Synology products.

QuikTechSolutions
Автор

For people exposing their nas:
I host some docker services from my nas and I linked my domain to cloudflare where the first filtering happens (location, bots etc.)..
On my nas I only allowed cloudflare IP ranges and only on port 443. The good thing with this is that if my home IP gets scanned all ports are closed.
For internal services that require a certificate/renewal its a bit annoying lifting all these things to make port 80 accessible.

aliasname
Автор

Frank would there be any benefit to "Deny" all traffic on each specific LAN port while you have a "DENY" (ALL) rule at the bottom of your list on the all interfaces tab as well? Just as a secondary safety?

CedroCron
Автор

I use Tailscale to access my DS920+ remotely but with no open ports on the router. I probably don't need the firewall but I set it up anyway. I used very basic rules : Allow all internal network IP addresses, and the 2 or 3 Tailscale IP addresses, and a couple of others. Deny / Allow certain geographic locations. It hasn't caused any problems after several months in use. There appears to be no downside in using the firewall so why not use it.

DavidM
Автор

As security conscious as I am. For many home setups the built in firewall might cause more issues than it is worth.
My home setup is Fiber Modem (which has a firewall active) to my Netgear RAX (which also has a firewall and VLAN)
The first 2 firewalls block everything to my internal network... setting up the firewall on my NAS I think is just overkill
K.I.S.S. is a sensible take here.
Obviously if your network setup is more open, (but why is it so open) then the firewall on the Synology might make sense...

TheCynysterMind
Автор

I'm using your Pihole macvlan setup on my NAS. Does that need any particular setup on the firewall? My firewall is normally off.

johnwatson
Автор

If you configure the firewall so it can be accessed e.g. only from The Netherlands, can one not simply use an VPN like NordVPN or Surfshark to access it?

PatrickBijvoet
Автор

I've been watching your videos probably near the beginning of your channel. While they are very informative and helpful, I have one complaint. It might be in the way you edit your videos, or because you think you have to pass a lot of information in as short a time as possible, you need to slow it down and take a breath. One sub-topic will end and the other jumps right in, or the screens shift to quickly, etc. In my personal career (I am retired), I gave a lot of presentations, and you need to give people a few seconds to absorb what you are presenting. Granted, I can just play it over and over until I feel I got it, but I always feel you are rushing through things. I actually drop the youtube speed to .75 from normal so I can follow along better.
Thanks for the content.

zorka
Автор

Meanwhile, TrueNas still offers no firewall.

johnfr