Asus firewall delays connections from outside?

[protoncek]

I have somewhat strange issue: my router is RT-AX88U pro. I also have Synology NAS and running reverse proxy there, so port 443 is forwarded to synology internal IP. This way i access my "stuff": Home Assistant, synology portal, cameras etc. I experience occasional delayed first access ( 5+ seconds) , but i narrowed it down to the fact that it only happens if asus firewall is turned on. If i turn it off access is immediate. As said, this delay happens only at first access after a while. When first page opens after this delay all runs smoothly afterwards.
What's even worse: this doesn't happen all the time, only every now and then. But when it does it can happen that i must refresh site even two or three times before i get access.

Does this makes any sense at all? And, how "unsafe" it is to have this firewall turned off? I have AdGuard Home running on my Asus, too, but that's not the problem (at least it doesn't seem to).
Oh, i should also mention that i also have firewall turned on in Synology, but honestly i didn't try to turn it off, because all works if i turn off asus one... is having two firewalls turned on be a problem?

 

[ColinTaylor]

Do NOT turn off the Asus' firewall. You would be exposing the router to everyone on the internet.

 

[protoncek]

Yeah well... that's why i'm wondering what to do instead of this...

 

[bbunge]

Yeah well... that's why i'm wondering what to do instead of this...

Use a VPN to connect to the NAS instead of port forwarding. Your router has several VPN servers you can enable. You also do not need a firewall on the NAS inside your LAN.

 

[protoncek]

I do have vpn (two actually, openvpn and wireguard) and i use it for router access, admin Ha management etc... but for "common users" it's not an option. Others ( sister, niece, nephews... ) are using ha, too, and it's difficult to use vpn there. I tried, but it happened that my internet went down and consequently my niece was suddenly without phone internet, since she didn't know how to turn it off...
On the other hand, i'd like to find the cause of the problem, not use a "workaround". I can't find any asus's firewall settings... where are any kind of default white and blacklists...?

 

[ColinTaylor]

On the other hand, i'd like to find the cause of the problem, not use a "workaround". I can't find any asus's firewall settings... where are any kind of default white and blacklists...?

There aren't really any firewall black/white lists that you could edit. By default (with the firewall on) all outgoing traffic is allowed and all unsolicited incoming traffic is blocked. But that block is only for traffic destined for the router itself, not for anything on your LAN (like your NAS).

When you forward port 443 from the router to your NAS (WAN - Virtual Server / Port Forwarding) the router's firewall doesn't do anything other than forward the traffic. You say that even when the firewall is enabled the problem is intermittent, so I suspect that's also the case with the firewall off but you haven't run it like that for long enough to notice the same behaviour? So I suspect this is a NAS problem rather than a router problem.

Can you confirm my assumption that you have manually configured port forwarding on the router and disabled UPnP on the NAS?

Is it possible the random delay in first access is down to the NAS being in power save mode, or the HDDs having spun down or unmounted?

I've come across situations where an initial connection delay was caused by the server being unable to do a reverse DNS lookup on the IP address of the connecting client.