Video I mentioned in regards to Configuring pfsense Firewall Rules For Home kzbin.info/www/bejne/mJvVYaWjbpiojKM More Lawrence Systems Synology Tutorials lawrence.technology/synology/ Getting Stared with pfsense firewall rules kzbin.info/www/bejne/m5OUoYepbL2Uo6M How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense kzbin.info/www/bejne/mGPaYoytqZVrZ9E Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsense kzbin.info/www/bejne/paakg6VjacibgJo

Awesome that you made this video. Earlier this year I set my firewall rules on my Synology interfaces similar to what you specify for extra security on my network segments. Your guidance has been life-changing to many sir.

I enjoy these firewall rules and VLAN videos, I find out how little I really know

Great additional security settings i've never thought about. Thanks for this eye opener 😁.

10.13.37.0 is certainly the leet network lol. Great vid as usual, thanks for making this!

Perfect timing Tom, I was just days ago pondering the best way to setup my cameras and Synology and you provided a great solution. Thanks and Happy holidays, Ron

Nice. Clear and well presented. Thanks, Tom.

That was the best explanation of how to firewall rules on the Synology! Thanks

Thanks for this, Tom. Happy New Year!

Excellent - just what I've been waiting for. Many thanks Tom.

Thanks for doing the video as requested. Very useful.

Nice summary video. You mentioned the camera network use case, I would love to see an overview of Synology Surveillance Station and a video comparing to UniFi Protect. I'm contemplating the two but thinking since I already have a mid range Synology that Surveillance Station will probably be the better option due to camera costs from Ubiquiti but haven't decided yet and don't yet understand what is needed to get started with S.S. such as licensing. Thanks for the great content!

I love this video, Tom. Thank you so much for doing this. I admit I had never considered using multiple interfaces on my Synology for anything other than aggregation (what a dope!) This is a brilliant use, and I hope to implement this soon! I also loved your pfsense video on this, even though I don't use a pfsense router. It gave me a ton of ideas for how to better secure my home network, which I'm always looking for! Thank you once again!

you're a good teacher.

Nice tutorial, thanks Lawrence.

Great video Lawrence Sys. I use Qnap. I imagine it's similar, given the 2 interfaces. Digging in. Thanks for this!

If you need to open ports to the internet, you can limit access from a specific country (your country) through the firewall.

Hi Tom, thank you for the greate Video ! If you want to add another layer of security. You can moddify the "Admin Group" and allow the "DSM" application only from certian subnets. be carefule to not lock you out ;-)

So if traffic happens, and the top rule allows it, any rule below it that may deny it, doesn’t count. It goes by the first rule from the top that it ever matches with?

Thanks Tom, Great video - when the trusted network also has access to the Synology on the less trusted network, does that potentially cause asymmetric routing?

Your video makes my day.....thank you

So I ask myself, where the difference is in between having a firewall on the system or the firewall on another point in the network, except from network congestion. Maybe you can explain that to me abut further?

Great video Tom Tnx.

Hi tanks for this very informative video. Can you do something like that for truenas? Happy new year!

Thank you for this.

Very informative.

I struggle with wanting to be able to look at my cameras remotely, so they need access to the internet, but I don't want China ;-) getting into my LAN which obviously begs for the cameras to have their own interface, but also complicating this scenario is that I have my cameras FTP'ing motion triggered video clips to my NAS. Currently, I have those going to an older NAS which I'm not that concerned about, but I may need to eventually move that backup to my Synology NAS.

On Synology's part it would be useful to just shortlist the ports/interfaces that are in use when your making the firewall rules.

So I have LAN1 as my secure network for accessing Synology. LAN2 (which is my IOT network) I have blocked as per your video. The issue I'm having though, is now when I'm on my IOT Wifi, I cannot use Photos Mobile backup. I need to switch over to my secure WiFi in order to backup my photos. Any idea on how I can stay on my IOT Wifi and get Photos Mobile through the Synology Firewall?

If I'm not opening up the NAS to the internet then wouldn't it be easier to manage firewall rules on the router?

Great video, but this LAN 4 firewall rules only works if you have all cameras on separate PoE switch connected to LAN 4 interface of Synology right?

NOT secure is that the 2nd NAS can be accessed freely by devices from the 192 subnet ... an attacker can place malicious files on the 10 subnet NAS that are then synced back into the 192 subnet (or restored after the 192 NAS fails)

You can leave first interface for management and then bond 3 other interfaces as LACP, then create any number of VLANs on top of aggregation. Unfortunately Synology GUI only allows you to create one VLAN, extra can be added using SSH ... GUI will show all VLAN interfaces, but all will have same name ...

I’m curious to if there a specific reason to use the Synology’s firewall compared to your pfsense box? What are the pros and cons? Are there any limitations in any of the methods? I use an EdgeRouter with VLANs, and use the router’s firewall to block/allow access to, for instance, the Synology unit’s management interface. By the way, I have no cameras (which someone in another comment mentioned could burden the router’s firewall; if choosing that option). Thanks for the video, Tom!

Thank you, Tom. Great and useful video content, as usual. I was interested which software you used to draw the network design and if there was a free version of it? Cheers!

I just cannot separate the downloadstation, filestation, etc from the management UI. I just cannot block only the management-ui. Kind of useless for me with that all or nothing approach. But thanks

The only down side i can find is that it sends camera traffic through the firewall which means it will waste a bit of bandwidth, especially if you're using high-res cameras with h264. In my case it uses about 30 mbit constantly, but I have quite a few cameras.

Great video. Rather than use the 2 Synology ports separately as described, would it be possible or advantageous to setup Link Aggregation with the 2 ports and then create a vLAN for the Less Trusted Network?

This video came right on time. Just setting up some VLANs and was wondering how to set up my Synology. Do you know of a way to get Plex to use the second nic?

Thank you.

Would I be secure if I dont forward any ports on my router to the Synology NAS. In other words, I would only have local access right?

Sorry but you need to explain more basic and slow. I assume this tutorial is for beginners?