Strange Firewall Behavior on QNAP TS-230

dingo69

New Around Here
Hi, I'm seeing strange behavior on my firewall: when I turn on my NAS, sometimes the firewall isn't running and has been disabled, but I don't any warnings :/ Sometimes it runs automatically... Using the newest firmware. Up to date app updates.
 

L&LD

Part of the Furniture
Welcome to the forums @dingo69.

What exactly are you calling a firewall on the NAS? I've not noticed a firewall in a QNAP.
 

L&LD

Part of the Furniture
You need to make the NAS vulnerable to use that firewall.

Disable and don't use those features or that app.

Be sure your main router is as secure as possible.

If you need to access your NAS, offsite, use OpenVPN instead.
 

L&LD

Part of the Furniture
If you need to use and open up all those other 'features' to use it, it isn't secure, IMO.

The smaller the exposure your network has online, the more secure it is.
 

dosborne

Very Senior Member
So, I don't need this firewall? Why? It is not secure?
You need to consider where your equipment is located, in the sense that your router is your primary access point to the internet. That is where your primary firewall should be running.

A firewall on your NAS (or your PC, laptop, etc) only performs a very limited function and you should understand the implications of using it, or not, and what it protects you from. Or more importantly, what it doesn't protect you from.

Saying "newest firmware" is just as meaningless for your NAS as it is for your router. QNAP has been rolling out 5.0.x updates almost weekly and then removing them as they are extremely buggy. Please be specific when talking about firmware versions.

IMO, roll back to a 4.5.4 release on the Nas. Also, if you are experiencing issues with something as potentially critical as your firewall, then you should not rely on it. If you stay with your current firmware (whatever it actually is) or if you experience the same issue if you roll back to the last stable build in the 4.5.4 stream, then you should enter a bug with qnap.

In any of the above cases, you should examine exactly what you are exposing to the internet and determine the risk level. If this is a simple Nas behind your normal network protection without a dmz or ports forwarded,, or upnp enabled, then the risk is low and the Nas firewall is probably unnecessary anyway. However, if you have it setup differently, then you could be exposing yourself to a world of hurt (make sure you have backups in any case).

Personally, I don't use the qnap firewall as a) I don't trust it, b) I multi-home my Nas and only expose 2 specific ports on a single interface c) for remote access I use a VPN running on the router.
 
Last edited:

dingo69

New Around Here
You need to consider where your equipment is located, in the sense that your router is your primary access point to the internet. That is where your primary firewall should be running.

A firewall on your NAS (or your PC, laptop, etc) only performs a very limited function and you should understand the implications of using it, or not, and what it protects you from. Or more importantly, what it doesn't protect you from.

Saying "newest firmware" is just as meaningless for your NAS as it is for your router. QNAP has been rolling out 5.0.x updates almost weekly and then removing them as they are extremely buggy. Please be specific when talking about firmware versions.

IMO, roll back to a 4.5.4 release on the Nas. Also, if you are experiencing issues with something as potentially critical as your firewall, then you should not rely on it. If you stay with your current firmware (whatever it actually is) or if you experience the same issue if you roll back to the last stable build in the 4.5.4 stream, then you should enter a bug with qnap.

In any of the above cases, you should examine exactly what you are exposing to the internet and determine the risk level. If this is a simple Nas behind your normal network protection without a dmz or ports forwarded,, or upnp enabled, then the risk is low and the Nas firewall is probably unnecessary anyway. However, if you have it setup differently, then you could be exposing yourself to a world of hurt (make sure you have backups in any case).

Personally, I don't use the qnap firewall as a) I don't trust it, b) I multi-home my Nas and only expose 2 specific ports on a single interface c) for remote access I use a VPN running on the router.
well, my NAS is used only @ my home. Yes, it is connected to my main router (AC86U + merlin firmware) So, My router has a firewall so it also secures my NAS?
 

L&LD

Part of the Furniture
Yes, that's one of it's main purposes. To secure the network within.
 

L&LD

Part of the Furniture
Normally, I'd agree.

But if the firewall requires the extra services to be enabled, you're left with far less security than without it.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top