In this video we take a look at how you can enable and configure the Firewall built into Disk Station Manager (DSM). At the beginning of this video we take a quick look at what a Firewall is, and why you might want to enable it on your Synology NAS.
We then run through the configuration of the Firewall rules for our NAS. So because the NAS seen in this video is the same NAS we have been configuring for our series of videos. The Firewall rules that we create, apply to all services and applications that we have previously configured on our NAS.
As your NAS may not have been configured in the same way as the NAS seen in this video. Please note that if you enable the Firewall on your NAS. Access to your NAS might be effected until you have correctly configured your Firewall.
Notes: The Firewall on our NAS is designed to monitor and control both the incoming and outgoing data on our NAS. While you don’t have to enable the NAS Firewall. It can be useful to prevent devices inside of our home network from trying to make unauthorised connections to our NAS.
Quick reference notes:
- Log into Disk Station Manager (DSM) with administrators privileges
- Select Control Panel – Connectivity – Security – Firewall
- Within General, check the tick box next to Enable Firewall
- Enable Firewall notifications
- Create a Firewall Profile.
- Select Edit Rules
- Create your Firewall rules
Firewall rules created:
| Application | Ports | Protocol | Source | Action |
| Management UI | 5000,5001 | TCP | All | Allow |
| Synology Assistant | 1234, 9997, 9998, 9999 | UDP | All | Allow |
| Windows File Server | 137, 138, 139, 445 | TCP | All | Allow |
| WS-Discovery | 5357, 3702 | TCP/UDP | All | Allow |
| Bonjour | 5353 | TCP | All | Allow |
| Web Station, Photo Station Audio Station | 80, 443 | TCP | All | Allow |
| DLNA/UPnP Media Server | 50001, 50002, 1900 | TCP/UDP | All | Allow |
| Video Station | 9025 – 9040 | TCP/UDP | All | Allow |
| All | All | All | All | Deny |
Notes: Make sure that the Firewall rule, Management UI is always at the top of your list of rules. Management UI is the service that allows you to access the DSM from within a web browser. If Management UI is below your Deny All rule. You will not be able to access the settings on your NAS.
- After creating your rules select Apply
- You now need to test that you are still able to access all of the application and services that you have installed on your NAS
Reference materials:
- Synology Support – Firewall
- Network Ports used by Synology NAS – Synology NAS Ports
- Comodo website – What is a Firewall
- Article from Wikipedia – What is a Firewall
- Article from Wikipedia – What is a Port
