Menu
Cart

Firewall Essentials for Synology NAS Security

Firewall Basics for Synology: Keep Your NAS Safe from New Attacks

Cyberattacks on NAS devices have become much more common in the last few years. Ransomware groups now look for storage systems that are open to the internet, crack weak passwords, and take advantage of services that are set up wrong. When set up correctly, Synology NAS platforms are still safe, but the default settings alone aren’t enough anymore in 2026. 

One of the best ways to protect your data from the public internet is to set up a firewall correctly. See why Synology firewall rules matter for NAS security.

Why NAS Devices Are More Popular Than Ever

Storage systems are good targets because they store backups, business documents, virtual machines, and media archives. Attackers know that encrypting or stealing this data makes victims pay up quickly.

Some common threats today are:

  • Automated login attempts with brute force
  • Taking advantage of open management ports
  • Attacks using open SMB or WebDAV to hold your computer hostage
  • Botnet scans that look for open DSM ports

A NAS is easy to get into if it doesn’t have multiple layers of security. Learn what a Synology NAS is and how it works.

Set up and turn on the built-in Synology firewall

Control Panel > Security in DSM has a built-in firewall. In newer versions of DSM, firewall rules are more specific and easier to handle.

Some best practices are:

  • Deny all by default
  • Allow only certain IP ranges
  • Limit management ports to networks inside the company
  • Make different rules for VPN access

Don’t leave DSM management ports open to the public internet. Instead, use a secure VPN to get to the NAS.

Stop brute-force attacks and login abuse

Modern attack tools automatically try out thousands of login combinations. Account protection and auto-block features are always on in DSM.

Set up:

  • Automatic blocking of IP addresses after failed login attempts
  • Policies for strong passwords
  • Authentication with two factors
  • Protection for the login page

Another useful layer is geo-IP blocking. If your business only works in one country, block login attempts from areas that are known to be dangerous.

When you can, don’t use port forwarding

In the past, a lot of people had to use manual port forwarding to get to NAS services from a distance. This method is risky today unless it is carefully controlled.

Some safer options are:

  • Synology VPN Server gives you VPN access.
  • Reverse proxy with SSL and management of certificates
  • Safe tunneling options

If you have to use port forwarding, only allow it from certain IP addresses and turn on HTTPS with modern TLS encryption.

Update DSM and Packages

Firewall rules by themselves can’t keep software from being vulnerable. Keep DSM and the packages you install up to date.

In the last few years, there have been a number of high-profile security holes in NAS software platforms across the board. Synology regularly releases security patches, but administrators must apply them right away.

Turn on automatic update notifications and check security advisories on a regular basis.

Network Segmentation for More security

Put the NAS in a safe VLAN instead of the main user network for business use. Only allow access to services that are needed.

If one part of the network gets hacked, separating storage, workstation traffic, and guest networks makes it less likely to affect the whole network.

Segmentation is now easier than ever thanks to modern routers and managed switches. It also makes security much better. See how Synology router firewall rule updates improve network security.

Keep an eye on logs and alerts ahead of time

You need to keep an eye on your firewall for it to work. DSM lets you keep an eye on logs and get email alerts.

Look out for:

  • Repeatedly failing to log in
  • Unexpected attempts to get into a country
  • Traffic spikes out of nowhere
  • Strange service activity

Early detection often stops big problems from happening.

Hardware Firewalls and Synology Firewall

Hardware firewalls protect an entire network by filtering incoming and outgoing traffic at the gateway level, blocking unauthorized access before it reaches internal systems. Explore the best hardware firewalls for protecting home NAS networks.

Synology NAS devices also include a built-in firewall within DiskStation Manager (DSM) that adds another layer of security by controlling which IP addresses, ports, and services can access the NAS.

When used together, hardware firewalls and Synology’s internal firewall create a layered defense strategy that helps safeguard business data from external threats and unauthorized network activity. Compare hardware firewalls and Synology firewall protection to see differences.

Security Benefits That Are Unique to Synology

Security Advisor scans, encrypted shared folders, snapshot immutability, and secure certificate management are some of the extra layers of protection that Synology DSM offers. Snapshot Replication makes ransomware less likely to work by keeping point-in-time versions of data that attackers can’t easily change.

When you add strong authentication and snapshot-based recovery to firewall configuration, a NAS becomes much less vulnerable to modern threats.

About Epis Technology

Epis Technology helps companies set up Synology environments that are more secure and in line with current cybersecurity standards. The team makes firewall rules, safe ways to access the network from afar, ways to split up the network, and ways to check backups. They also combine NAS deployments with Microsoft 365 protection and hybrid cloud replication to make sure that business goes on as usual. Organizations get structured monitoring and proactive defense planning instead of having to deal with problems after they happen.

Related Posts