Trouble allowing external access through TZ270 to a Synology NAS.
I have a Synology RS816 NAS, that I allow access to both internally and externally. It is up and running now, but I need to put in a better firewall.
Network now: Internet --> (WAN IP) ISP Modem (LAN GW: 10.1.10.1) --> NAS (10.1.10.177)
It open, and working with the ISP modem doing very little in the way of firewall protection.
If I configure and drop the SonicWall in place:
Internet --> (WAN) ISP Modem (GW: 10.2.10.1) --> (10.2.10.2) SonicWall TZ270 (GW: 10.1.10.1) --> NAS (10.1.10.177)
SonicWall is running ver. 7.x
I've been on the phone with SonicWall support, and I've followed this documentation: https://www.sonicwall.com/support/knowledge-base/how-can-i-enable-port-forwarding-and-allow-access-to-a-server-through-the-sonicwall/170503477349850/
Support assures me the sonic wall is configured correctly, but this does not seem to be the case. The connection from outside is never allowed through.
According to Synology the ports I need to forward for their Drive server are TCP ports 80, 443, 5000, 5001 and 6690.
My question is, has anyone here successfully gotten access to a Synology NAS to work and if so, what sort of config did you use?
I would suggest explore using VPN to secure communication and not externally exposing your NAS, it will get hacked..
are you using routed mode or bridge mode on ISP modem?
if you are using routed mode. you have to change management ports 80/443 tcp on firewall and forward TCP 80, 443, 5000, 5001 and 6690 ports modem to Firewall.
VPN is the end goal. But I have a couple users that I cannot get VPN setup on their laptops for abit and they need access until I can.
If this is the only option, hesitantly - I would suggest adding the ports TCP 5000, 5001, 6690 as service-objects and then running throught the public server wizard and selecting Web Server and then adding the new service objects for 5000,5001 and 6690.
After this, you should add an inbound access rule allowing ONLY the trusted source IP addresses (as address-object) to access the resource.