Synology NAS Setup & Configuration Guide!

Today we are going to look at how to setup a Synology NAS on DSM!

This will be a long tutorial that will have many different components in it, but I’ll do my best to break it down by section. I want to highlight that everything in this tutorial isn’t mandatory, but it’s a good starting point where you can pick and choose what you’d like to implement.

The items listed in pink are new additions with full tutorials/videos. These will open in a new window.

1. Synology NAS Initial Setup

We will quickly discuss how to setup a Synology NAS. Ensure that your NAS is plugged in and has internet access before proceeding.

1.1 How to Find and Setup your Synology NAS

1. Navigate to the website http://find.synology.com and wait for your device to be found. DHCP will automatically give your DiskStation an IP address.

synology nas setup

2. Accept the End User License Agreement and select Set Up.

3. Select Install Now.

synology nas setup

4. DSM will now inform you that all data on your hard disks will be erased. Check the box and select OK.

5. DSM will install and reboot when finished. After a few minutes have passed, open a new tab and navigate to http://find.synology.com. Your DiskStation should show up and you will be able to connect.

6. Give your DiskStation a Server Name, Username and Password.

synology nas setup

7. The next step will ask you to configure QuickConnect. You can do this at a later time if you’d prefer.

8. Select Go. Congrats, you’ve officially setup your Synology NAS and DSM is now installed and accessible!

1.2 How to Change the IP Address of your NAS (Static IP)

The first thing that I always do when I setup my Synology NAS is change the IP address so that it’s always the same. It’s best to make a DHCP reservation in your router’s configuration, but a lot of ISP-provided routers don’t allow you to do that. If you can’t reserve a DHCP address, check to see if you can limit the addresses your DHCP server can give clients (<150, for example). Follow these instructions if you’d like to change the IP address from DSM.

1. Go to the Control Panel and select Network Interface. Select Edit on the LAN device.

synology nas setup

2. Select Use manual configuration and enter the IP Address you’d like to use. The subnet mask, gateway, and DNS server can all stay as default (since they were pulled from DHCP). Select OK. Your network settings will apply and your DSM session will refresh with your new IP address.

NOTE: A lot of Synology NAS’s have multiple ethernet ports. If you’ve plugged in more than one ethernet cable, you’ll need to set distinct IP addresses for each LAN interface.

synology nas setup

2. Storage Pool, Volume and Shared Folder - Ultimate Synology NAS Setup Guide

Most people buy and setup a Synology NAS intending to create network folders for various reasons. To create a shared folder in DSM, you need to first create a storage pool and volume. After that’s done, you can create as many shared folders as you’d like!

2.1 How to Create a Storage Pool

1. Open the Storage Manager and select Storage Pool.

synology nas setup

2. Select Create. At this point, you will be brought to a few different options and most are user-specific, meaning what you select is based on what your needs are. I will be creating an SHR storage pool for future flexibility.

synology nas setup

3. Give your storage pool a description if you’d like, select the RAID type you will be using and select Next to proceed.

synology nas setup

4. Select the Hard Drives (generally all of them) that you’d like in this Storage Pool and select Next. NOTE: you can always add drives later and expand your storage pool/volume.

synology nas setup

5. You will be prompted that all data on the drives will be erased. Select OK.

synology nas setup

6. The next option will ask if you’d like to perform drive checks. Make sure Yes is highlighted and select Next.

synology nas setup

7. Click Apply and your storage pool will be created. Depending on the size of your drives, it will take a little while to verify drives (this will be done in the background).

2.2 How to Create a Volume

Now that our storage pool is created, we can create a new volume which is where our shared folders will be stored.

1. Open the Storage Manager and select Volume. Click Create to create a new volume.

2. Custom will be highlighted. Click Next.

3. Select Choose an existing storage pool and click Next.

4. Select the Storage Pool that you created in an earlier step and select Next.

5. The next section will ask you to create a file system. If you’re using a NAS that supports btrfs, you should always select it (unless you have a good reason not to). However, not all NAS products support btrfs. In that case, ext4 is fine.

6. If you’d like to allocate this volume as having a certain amount (total size) of the storage pool, you can modify it here. If not, select Next.

7. Click Apply.

Your storage pool and volume are now created. It will take a little while for your volume to complete the creation process, but it’s generally dependent on size. At this point, a storage pool and volume have been created which means you can create a shared folder!

2.3 How to Create a Shared Folder

After the storage pool and volume is created, we can now create a shared folder. Shared folders are the backbone of NAS units and are what you’ll store all your files on!

1. Open Control Panel and select Shared Folder.

2. Select Create. A new dialogue box will appear where you’ll need to change a few settings:

  • Name: Name of the Shared Folder.
  • Description: Description you’d like to use.
  • Location: Volume you’d like to use.
  • The next three options are personal preference based on if you’d like the folders visible to others and if you’d like a recycle bin enabled (so files aren’t deleted permanently).

3. The next screen will ask if you’d like to encrypt the shared folder. If you would, select the checkbox and enter an encryption key.

  • A few things to note with encrypted files: Encrypted files work by mounting/unmounting them with the encryption key (password) in DSM. When you mount the folder, it functions the same way as other shared folders do. It simply gives you the option to unmount the shared folder when you’re done adding files. When the drive is unmounted, no one can access the files until you mount the folder again. If you lose the encryption key, your files will be lost forever. Keep it somewhere safe!

4. Enable data checksum (if applicable) and file compression/folder quota if you’d like. Select Next.

5. Select Apply.

6. After the folder is created, you will be brought to the folder’s permissions. Change the permissions to match what you’d like. Your folder is now created!

3. Data Protection & Monitoring - Ultimate Synology NAS Setup Guide

Now that a storage pool, volume, and shared folder are created, we need to change a few settings to protect and monitor our data.

3.1 How to Setup a Data Scrubbing Schedule

Data scrubbing inspects your volumes and modifies detected inconsistencies. In simple terms, this protects your NAS against bit-rot. There isn’t a specific schedule that’s mandatory, but it’s a good idea to run it at minimum, bi-annually.

1. Open Storage Manager, select Storage Pool, then Data Scrubbing. Then select Set Schedule.

2. Select Enable Data Scrubbing schedule, select a Frequency and Start Date.

3. Select a Target for this schedule, check off the storage pools you’d like this to run on, and then select OK to proceed.

3.2 How to Configure Snapshots

The easiest way to think of snapshots is that they “freeze” your files in time and allow you to recover those files later if necessary. Every time a snapshot is created, a “restore” point is created, which allows you to recover files/folders from a point in time. The best part about this is that the snapshots themselves take up very little space and give you tons of flexibility!

1. Open the Package Center, search for Snapshot and install the Snapshot Replication package.

2. When the install finishes, launch the Snapshot Replication application. Select Snapshots and select settings on the folder you’d like to schedule protection for.

3. Enable the snapshot schedule. At this point, there are two final settings you’ll need to check:

  • Retention: Select how many snapshots you’d like to retain. Depending on the file type (and size), you’ll most likely have different retention policies for different folders.
  • Snapshot Visibility: If you would like snapshots to be visible, select the checkbox under the Advanced section.

After the snapshots have been configured, your system will start to create snapshots regularly. When the retention policy hits its maximum, old snapshots will be deleted. Your files are now protected! Keep in mind – this is not a backup.

3.3 How to Setup a Recycle Bin Task

By default, the recycle bin will retain files until you empty it. However, there’s an easy way to set up a schedule so that your NAS automatically deletes these old files after a certain period of time.

1. Open Control Panel and select Task Scheduler.

2. Select Create, then Scheduled Task, then Recycle Bin.

  • General: Enter a Task Name.

  • Schedule: Specify when you’d like the task to run.

  • Task Settings: Specify if you’d like all recycle bins to empty or only specific ones.
    • Retention Policy: This is an important step! I retain all deleted files for 14 days, but this is completely personal preference. This setting specifies when files are deleted. There are also advanced settings you can check.

This is very important because when you’re using a NAS, you generally have data rotating like snapshots and backup files. This means that if you don’t set up a recycle bin emptying schedule, your old files will pile up and take up unnecessary space. A small step that really helps!

3.4 How to Setup the Storage Analyzer

The storage analyzer allows you to see what files/folders are taking up space on your NAS and if any duplicates exist. It’s a powerful tool that periodically comes in handy.

1. Open the Package Center, search for Analyzer, and install the Storage Analyzer package.

2. When it’s done installing, open the package. You will be asked to specify a location to save your reports. Select Yes. Specify a location to save your reports and the frequency you’d like reports generated.

3. A wizard will then start that assists you in the creation of the scheduled task. Give your report a name and specify the total number of reports you’d like to keep.

4. Keep all Report Types selected (unless you don’t want specific ones generated) and click Next.

5. Specify when reports should be generated and if they should be generated now.

6. At the next screen, you’ll be brought to a page where you can select individual shared folders. It’s best to keep the default option Automatically include all existing and future shared folders selected and proceed.

7. Keep the default values for duplicate files and proceed.

8. Click Apply. Your task is now created!

This might not seem important on the surface, but understanding how your storage is being used is integral!

3.5 Uninterruptible Power Supply (UPS)

If your data is important to you, a UPS is the cheapest security blanket you can buy. It ensures that consistent power is delivered to your NAS and in the event of a power outage, it can safely power down your NAS. If you don’t have a UPS, it requires an additional purchase, but in my opinion, it’s well worth it. Here is a link to my favorite UPS (that I own). If you’d like to buy a UPS, but spend a little less, here is another great option which has USB data transfer as well so it can automatically turn off your NAS! When you purchase a UPS, plug in the USB cable to your NAS and enable UPS support (Control Panel, Hardware & Power, then UPS).

NOTE: If you’ll only be using a UPS for your NAS, this option is more than capable! Save the money as you don’t need anything more!

When you get your UPS, follow these instructions to configure it.

1. Open Control Panel, Hardware & Power, then UPS.

2. Enable UPS support. You can then configure the time before your NAS enters safe mode, and even shut down your UPS if you’d like.

Synology NAS Setup

4. Security - Ultimate Synology NAS Setup Guide

The security of your NAS is incredibly important. I am going to go over a few basic settings that can be changed to secure your NAS. It’s important to note that cybersecurity is always evolving and staying up to date with best practices is important. These are things I normally change, but depending on your needs, you can potentially secure your NAS even further.
If you aren’t exposing your NAS to the internet, some of these settings won’t affect you. However, it’s still a good idea to change them. If you are exposing your NAS to the internet, these settings are mandatory!

NOTE: to see security, you will need to go into the advanced mode of your Control Panel (top right).

4.1 How to Setup Synology NAS DSM Update Settings

If you do nothing else, installing Synology’s newest updates should at the top of your list. Not only do you get new features, but more importantly, you get the newest security enhancements.

1. Open Control Panel and select Update & Restore.

2. Select Update Settings and Automatically install the new update. Pick a date and time (preferably during the middle of the night) that updates will install.

Synology NAS Setup

4.2 How to Change Default Ports

By default, Synology sets the default HTTP port to 5000 and the default HTTPS port to 5001. I always change these ports as it’s a good security practice to do so. If you don’t intend on exposing your NAS to the internet, I wouldn’t say it’s necessary, but if you do intend on exposing it, I would change these ports.

1. Go to the Control Panel and select Network. Select DSM Settings and change the default ports from 5000/5001 to the ports of your choosing. After making the change, DSM will restart your web server. NOTE: Make sure the ports you picked are not currently being used.

Synology NAS Setup

4.3 How to Enable Denial-of-Service (DoS) Protection

A Denial-of-Service (DoS) attack’s purpose is to shut down your machine or network making it inaccessible. Synology has an easy way to protect against this.

1. Open Control Panel and select Security.

2. Select Protection and enable DoS protection. NOTE: you will need to do this for every network interface that you have.

Synology NAS Setup

4.4 How to Configure Auto Block

1. Open Control Panel and select Security.

2. Select Account. Ensure Enable auto block and Enable Account Protection is selected. These are somewhat redundant, but it can’t hurt to have both on.

Synology NAS Setup

4.5 How to Setup the Synology NAS Firewall

Synology’s firewall monitors incoming and outgoing network traffic and permits or blocks data packets based on the security rules defined. This is incredibly important, as this firewall will be what determines which traffic should be permitted to your NAS.

Firewall rules are completely dependent on what you’re using. Meaning that someone who is using SSH will have an “allow” rule for SSH, while someone who isn’t will block it. For this reason, I can’t go over exactly what you should add, but I will go over a few fundamentals.

  • Firewall rules are executed top to bottom. Meaning that all “allow” rules must be at the top of the list, with a “deny all” rule at the bottom. When traffic enters the NAS, it will go through the list and if it isn’t explicitly permitted, the “deny all” rule will block traffic. TLDR: put your allow rules at the top and the deny all rule at the bottom.
  • You shouldn’t open ports to applications you aren’t actively using. For example, you might have SSH enabled, but it’s a good idea to turn off SSH when you’re done and to remove the “allow” firewall rule.
  • As you add new packages to your NAS, new “allow” rules will need to be created. Your NAS will generally inform you that you need to create a new rule when you finish installing/configuring a new package.

Firewall Instructions

1. Open Control Panel and select Security. Select Firewall and Enable the firewall. When done, select Edit Rules.

Synology NAS Setup

2. At this point, you will need to create rules that allow traffic into your NAS. The first thing you need to ensure is that you allow traffic to DSM. Select Create and when the firewall rules criteria appears, check off select from a list of built-in applications. Select the Management UI checkboxes, click OK, and then add the rule.

  • NOTE: Technically, you only need to create one “allow” rule which is a combination of all of the ports that you’d like permitted. However, if you want to allow traffic to certain ports by IP subnet (for example), you should have one rule per service/application. TLDR: create one rule per application so that you can easily manage them.

Synology NAS Setup

3. Go through all of the applications and ensure that you are allowing traffic where necessary.

4. At the bottom (as your last rule), create a “deny all” rule.

Synology NAS Setup

5.  When you’re done adding all of your rules, Apply your changes.

Synology NAS Setup

Your firewall is now activated! This is something that you will constantly have to maintain by adding new rules and removing older ones no longer needed. Remember, cybersecurity must be maintained! Unfortunately, “set it and forget it” won’t work in this case.

4.6 How to Enable Two-Factor Authentication

I know…it’s annoying, but it works. Two-factor authentication ensures that if your password is compromised, you have an additional layer of security that ensures your account cannot be accessed.

1. Select the Person icon in the top right and select Personal.

2. Select Enable 2-step verification. The email service will need to be enabled for this. You can learn how to configure Gmail to send email notifications here.

Security: Notes

These are simply suggested approaches to securing your NAS. Ultimately, exposing your NAS to the internet is an inherent risk that makes the security practices above (and potentially more) mandatory. If you don’t want to use QuickConnect, consider setting up a VPN so that you can only allow traffic to your NAS from internal IP addresses.

5. Additional Recommendations - Synology NAS Setup

I didn’t create full tutorials for these items, but these are a few things I’d suggest considering. If you’d like written instructions for any of these, leave a comment!

5.1 Synology's QuickConnect

QuickConnect allows you to access your NAS from outside of your network. This is Synology’s way of ensuring you don’t need to open ports to your NAS to access your data externally. I don’t use this, but there’s nothing wrong with using it. The way that I access my data from outside of my network is through my VPN. Keep in mind that if you do use this, technically, you’re trusting Synology’s ability to secure your data. Look into configuring a VPN Server on your NAS if this bothers you.

5.2 Dynamic Domain Name Service (DDNS)

Having a DDNS hostname ensures that you are always connecting to your external IP address. Most providers assign dynamic external IP addresses to clients which means that your current external IP address might not be the same tomorrow or two weeks from now. Synology provides a free “synology.me” DDNS hostname (which I use on my production server), but if you’d like to use DuckDNS instead, I wrote up a tutorial on how to configure it.

5.3 Rsync Service

If you have Linux PC’s and would like to back them up using Rsync, enable Rsync in the File Services menu (and create a firewall rule to allow traffic). Here are three tutorials that will show you how to backup and restore a Linux PC, and one that automates the backup process!

5.4 Backups

RAID IS NOT A BACKUP! If the data on your NAS is important to you, you need to back up your data. Following the 3-2-1 backup rule, you must have three copies of your data, on two storage mediums, with one off-site. If you’d like to see how to back up your NAS to a Raspberry Pi or Backblaze B2 (cloud provider), please check out our tutorials!

6. Conclusion - Ultimate Synology NAS Setup Guide

This is a list that will continue to grow and these items are just general guidelines. I am hopeful that it will help you setup and configure your Synology NAS. Not everyone will implement everything, but it’s a good starting point that you can build on! If you have any questions or would like to request a tutorial, please leave a comment!

Please consider checking out our other tutorials if you found helpful! We have videos for all of our tutorials on YouTube as well!

This Post Has 16 Comments

  1. Hello! Great guide! How come we change the DSM ports from their 5000/5001 defaults?

    1. Thank you! There is a lot of debate on if changing the default ports is necessary. In general, the only real reason is so that you’re not using the default ports. The idea is that if there are bots trying to scan ports 5000/5001 in specific, you would bypass them by having something different. In practice, a port sniffing bot will most likely still find your open ports, so there’s a lot of debate on if this is necessary.

      My personal belief is that this doesn’t hurt anything, so I do it. This is harder to justify if you’ve setup a bunch of applications that are already using your current DSM port. Hopefully this helps!

  2. I tried setting up notifications by email, but when I try to send a test email, it says that the test mail fails to send. I think I have to do something with the default gateway and the preferred DNS server IP address? No idea how to do this?

    Also, how do you remove a drive from the storage pool?

    Thanks

    1. Thanks for reading the tutorial! What email provider did you use? You shouldn’t have to change anything with the default gateway or DNS server.

      These are the instructions on how to configure Gmail: https://www.synology.com/sv-se/knowledgebase/DSM/tutorial/Management/How_to_use_Gmail_SMTP_server_to_send_emails_for_DSM

      You cannot remove a drive from a storage pool after it has already been added. You can, however, change the RAID type (depending on the type of RAID you’re using). This link has more information: https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Storage/Reduce_RAID_drives

      Hopefully this helps!

  3. Interesting. So I should be able to change from SHR-1 to SHR-2 and then remove a drive? However, the option to change my storage pool to SHR-2 is greyed out (maybe because I’m currently running an integrity check on my backup?)

    1. If you change from SHR-1 to SHR-2, I believe that you will be locked in at SHR-2 (and unable to change back).

      Can you backup your NAS, then recreate the Storage Pool/Volume to be in the configuration that you want? I’m worried that changing RAID types and trying to pull drives out may not do exactly what you want and then you’ll be locked in at SHR-2.

  4. On the firewall settings, I had to allow SMB ports (137~139, 445) in order for Synology Assistant and Windows to access the NAS. Might want to address that in this guide. And thank you very much for all of this info.

  5. Brilliant guide, I receive my DS720+ tomorrow, so this guide will be one of my first port of calls when I set it up initially. Will also be looking at your Bitwarden tutorial as I plan on trying that as I use Bitwarden for my passwords.

  6. Hi,

    Do you have a PDF of this tutorial so I can print it? Much easier to learn from paper…
    Thank you!

    1. Hello!

      I unfortunately don’t, but that’s great feedback that I will try and incorporate in the future. I assumed it was easier to use a webpage for searching, but I can certainly see how some people would prefer it printed.

      Thank you for the feedback and I apologize for not being able to offer you anything right now. Hopefully sometime soon!

  7. Hi, Just wanted to say thanks. As a newbie home user it is daunting and a step by step guide like this is incredible.

    1. Thanks so much for the kind words! I’m glad that the information helped!

  8. Like many people I am not a specialist about security and your tutos are more than interresting and give the essential to secure our lovely NAS.
    Many thanks for your efforts. I already recommended you to friends who also use Synology NAS.

    I profit of this post to wish all people the best for 2021, Stay safe 🙂

    1. I’m glad to hear it helped, thank you so much for the kind words! Happy Holidays/New Year!

  9. Thanks for a great tutorial. I talked with APC about the BX1500M UPS and they said it does not have a USB port to initiate shutdown for the Synology NAS. The back of the UPS says USB/Serial, but it clearly is a serial port. How does your BX1500M shutdown Synology? I personally have the SMC1000, which is overkill on my next project. I need a smaller solution, and the two that you listed would be ideal, but I am not sure how it will communicate with the DS2220+.

    Thanks,

    1. Did your UPS come with a data cable? It should be an RJ11 (I believe) cable to a USB cable. From there, you should be able to plug the USB into the Synology NAS, then pull up the control panel and it will find the UPS.

      Let me know and we can continue troubleshooting!

Leave a Reply

Close Menu