What's new

NAS security help.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I am not sure I understand what a 'bridged' 10GbE or 1GbE connection is?

Maybe this bridge is what is the cause of the speed reduction?
One IP connection 'bridged' across 2 hardware RJ45 ports for increased transfer speeds. A supported feature for this Synology NAS.
 
Use non-standard ports, so bot traffic will not constantly hit it.

Also if your router supports it, set up your port forward to only allow traffic from your work's IP address. This is possible with Asus routers, don't know about other manufacturers.

I use these two methods here to secure remote access to my own NAS (to which I have a VPS dropping weekly backups over FTP).
 
I am not sure I understand what a 'bridged' 10GbE or 1GbE connection is?
Usually, and presumably in this case, also known as port trunking or port aggregation, depending on the manufacturer.
 
One IP connection 'bridged' across 2 hardware RJ45 ports for increased transfer speeds. A supported feature for this Synology NAS.

For the NAS at home used as a backup, I'm sure that is not needed. Particularly if it is the only device on the network.

At your business though, are you seeing improvement from the Port Trunking/Aggregation? If not, I would disable it there too.

I am pretty sure that what you have is faster than even an RT-AC68U or RT-AX88U can do over OpenVPN.

Your RT-AC86U at the office is the limiting factor.

Your best way forward is to get OpenVPN working on both of your NAS'.
 
Not sure about Synology specifically,but in general, the vpn implementation in the NAS units I've seen sucks, is old, and full of vulnerabilities, degrades performance, few options. I stick with running it on the router (best placed to protect your network) or move it to its own hardware such as the RPi4.
 
I think these units may be above both our initial expectations. :)

 
For the NAS at home used as a backup, I'm sure that is not needed. Particularly if it is the only device on the network.

At your business though, are you seeing improvement from the Port Trunking/Aggregation? If not, I would disable it there too.

I am pretty sure that what you have is faster than even an RT-AC68U or RT-AX88U can do over OpenVPN.

Your RT-AC86U at the office is the limiting factor.

Your best way forward is to get OpenVPN working on both of your NAS'.
Thanks again for your input. You may be correct about the aggregation on my home unit. The aggregation on the business unit is necessary though for sufficient bandwidth to serve video to multiple edit machines at once.

TBH I'm not too bothered about the transfer speed between units currently, my focus is ensuring my home unit is secure.
 
number 4 below might be a winner. just posting some changes I made on my NAS that I can see.

1 Merlin mentioned non standard ports.
2 disable the default admin user and create a new admin. You can use 64 characters for user if you'd like :)
3 enable the auto block.
4 allow/block IPs.
1.jpg2.jpg3.jpg4.jpg
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top