You need to consider where your equipment is located, in the sense that your router is your primary access point to the internet. That is where your primary firewall should be running.So, I don't need this firewall? Why? It is not secure?
well, my NAS is used only @ my home. Yes, it is connected to my main router (AC86U + merlin firmware) So, My router has a firewall so it also secures my NAS?You need to consider where your equipment is located, in the sense that your router is your primary access point to the internet. That is where your primary firewall should be running.
A firewall on your NAS (or your PC, laptop, etc) only performs a very limited function and you should understand the implications of using it, or not, and what it protects you from. Or more importantly, what it doesn't protect you from.
Saying "newest firmware" is just as meaningless for your NAS as it is for your router. QNAP has been rolling out 5.0.x updates almost weekly and then removing them as they are extremely buggy. Please be specific when talking about firmware versions.
IMO, roll back to a 4.5.4 release on the Nas. Also, if you are experiencing issues with something as potentially critical as your firewall, then you should not rely on it. If you stay with your current firmware (whatever it actually is) or if you experience the same issue if you roll back to the last stable build in the 4.5.4 stream, then you should enter a bug with qnap.
In any of the above cases, you should examine exactly what you are exposing to the internet and determine the risk level. If this is a simple Nas behind your normal network protection without a dmz or ports forwarded,, or upnp enabled, then the risk is low and the Nas firewall is probably unnecessary anyway. However, if you have it setup differently, then you could be exposing yourself to a world of hurt (make sure you have backups in any case).
Personally, I don't use the qnap firewall as a) I don't trust it, b) I multi-home my Nas and only expose 2 specific ports on a single interface c) for remote access I use a VPN running on the router.