Today we are going to look at how to setup a Synology NAS on DSM!
This will be a long tutorial that will have many different components in it, but I’ll do my best to break it down by section. I want to highlight that everything in this tutorial isn’t mandatory, but it’s a good starting point where you can pick and choose what you’d like to implement.
The items listed in pink are new additions with full tutorials/videos. These will open in a new window.
TABLE OF CONTENTS
- 1. Synology NAS Initial Setup
- 2. Storage Pool, Volume, Shared Folder
- 3. Data Protection & Monitoring
- 4. Security
- 4.1 How to Configure DSM Update Settings
- 4.2 How to Change Default Ports
- 4.3 How to Enable Denial-of-Service (DoS) Protection
- 4.4 How to Configure Auto Block
- 4.5 How to Setup the Synology NAS Firewall
- 4.6 How to Enable Two-Factor Authentication
- 4.7 OpenVPN Server Setup & Configuration
- 4.8 How to Configure HTTPS on a Synology NAS Using an SSL Certificate
- 5. Additional Recommendations
- 6. Conclusion
1. Synology NAS Initial Setup
We will quickly discuss how to setup a Synology NAS. Ensure that your NAS is plugged in and has internet access before proceeding.
1.1 How to Find and Setup your Synology NAS
1. Navigate to the website http://find.synology.com and wait for your device to be found. DHCP will automatically give your DiskStation an IP address.
2. Accept the End User License Agreement and select Set Up.
3. Select Install Now.
4. DSM will now inform you that all data on your hard disks will be erased. Check the box and select OK.
5. DSM will install and reboot when finished. After a few minutes have passed, open a new tab and navigate to http://find.synology.com. Your DiskStation should show up and you will be able to connect.
6. Give your DiskStation a Server Name, Username and Password.
7. The next step will ask you to configure QuickConnect. You can do this at a later time if you’d prefer.
8. Select Go. Congrats, you’ve officially setup your Synology NAS and DSM is now installed and accessible!
1.2 How to Change the IP Address of your NAS (Static IP)
The first thing that I always do when I setup my Synology NAS is change the IP address so that it’s always the same. It’s best to make a DHCP reservation in your router’s configuration, but a lot of ISP-provided routers don’t allow you to do that. If you can’t reserve a DHCP address, check to see if you can limit the addresses your DHCP server can give clients (<150, for example). Follow these instructions if you’d like to change the IP address from DSM.
1. Go to the Control Panel and select Network Interface. Select Edit on the LAN device.
2. Select Use manual configuration and enter the IP Address you’d like to use. The subnet mask, gateway, and DNS server can all stay as default (since they were pulled from DHCP). Select OK. Your network settings will apply and your DSM session will refresh with your new IP address.
NOTE: A lot of Synology NAS’s have multiple ethernet ports. If you’ve plugged in more than one ethernet cable, you’ll need to set distinct IP addresses for each LAN interface.
2. Storage Pool, Volume and Shared Folder - Ultimate Synology NAS Setup Guide
Most people buy and setup a Synology NAS intending to create network folders for various reasons. To create a shared folder in DSM, you need to first create a storage pool and volume. After that’s done, you can create as many shared folders as you’d like!
2.1 How to Create a Storage Pool
1. Open the Storage Manager and select Storage Pool.
2. Select Create. At this point, you will be brought to a few different options and most are user-specific, meaning what you select is based on what your needs are. I will be creating an SHR storage pool for future flexibility.
3. Give your storage pool a description if you’d like, select the RAID type you will be using and select Next to proceed.
4. Select the Hard Drives (generally all of them) that you’d like in this Storage Pool and select Next. NOTE: you can always add drives later and expand your storage pool/volume.
5. You will be prompted that all data on the drives will be erased. Select OK.
6. The next option will ask if you’d like to perform drive checks. Make sure Yes is highlighted and select Next.
7. Click Apply and your storage pool will be created. Depending on the size of your drives, it will take a little while to verify drives (this will be done in the background).
2.2 How to Create a Volume
Now that our storage pool is created, we can create a new volume which is where our shared folders will be stored.
1. Open the Storage Manager and select Volume. Click Create to create a new volume.
2. Custom will be highlighted. Click Next.
3. Select Choose an existing storage pool and click Next.
4. Select the Storage Pool that you created in an earlier step and select Next.
5. The next section will ask you to create a file system. If you’re using a NAS that supports btrfs, you should always select it (unless you have a good reason not to). However, not all NAS products support btrfs. In that case, ext4 is fine.
6. If you’d like to allocate this volume as having a certain amount (total size) of the storage pool, you can modify it here. If not, select Next.
7. Click Apply.
Your storage pool and volume are now created. It will take a little while for your volume to complete the creation process, but it’s generally dependent on size. At this point, a storage pool and volume have been created which means you can create a shared folder!
2.3 How to Create a Shared Folder
After the storage pool and volume is created, we can now create a shared folder. Shared folders are the backbone of NAS units and are what you’ll store all your files on!
1. Open Control Panel and select Shared Folder.
2. Select Create. A new dialogue box will appear where you’ll need to change a few settings:
- Name: Name of the Shared Folder.
- Description: Description you’d like to use.
- Location: Volume you’d like to use.
- The next three options are personal preference based on if you’d like the folders visible to others and if you’d like a recycle bin enabled (so files aren’t deleted permanently).
3. The next screen will ask if you’d like to encrypt the shared folder. If you would, select the checkbox and enter an encryption key.
- A few things to note with encrypted files: Encrypted files work by mounting/unmounting them with the encryption key (password) in DSM. When you mount the folder, it functions the same way as other shared folders do. It simply gives you the option to unmount the shared folder when you’re done adding files. When the drive is unmounted, no one can access the files until you mount the folder again. If you lose the encryption key, your files will be lost forever. Keep it somewhere safe!
4. Enable data checksum (if applicable) and file compression/folder quota if you’d like. Select Next.
5. Select Apply.
6. After the folder is created, you will be brought to the folder’s permissions. Change the permissions to match what you’d like. Your folder is now created!
3. Data Protection & Monitoring - Ultimate Synology NAS Setup Guide
Now that a storage pool, volume, and shared folder are created, we need to change a few settings to protect and monitor our data.
3.1 How to Setup a Data Scrubbing Schedule
Data scrubbing inspects your volumes and modifies detected inconsistencies. In simple terms, this protects your NAS against bit-rot. There isn’t a specific schedule that’s mandatory, but it’s a good idea to run it at minimum, bi-annually.
1. Open Storage Manager, select Storage Pool, then Data Scrubbing. Then select Set Schedule.
2. Select Enable Data Scrubbing schedule, select a Frequency and Start Date.
3. Select a Target for this schedule, check off the storage pools you’d like this to run on, and then select OK to proceed.
3.2 How to Configure Snapshots
The easiest way to think of snapshots is that they “freeze” your files in time and allow you to recover those files later if necessary. Every time a snapshot is created, a “restore” point is created, which allows you to recover files/folders from a point in time. The best part about this is that the snapshots themselves take up very little space and give you tons of flexibility!
1. Open the Package Center, search for Snapshot and install the Snapshot Replication package.
2. When the install finishes, launch the Snapshot Replication application. Select Snapshots and select settings on the folder you’d like to schedule protection for.
3. Enable the snapshot schedule. At this point, there are two final settings you’ll need to check:
- Retention: Select how many snapshots you’d like to retain. Depending on the file type (and size), you’ll most likely have different retention policies for different folders.
- Snapshot Visibility: If you would like snapshots to be visible, select the checkbox under the Advanced section.
After the snapshots have been configured, your system will start to create snapshots regularly. When the retention policy hits its maximum, old snapshots will be deleted. Your files are now protected! Keep in mind – this is not a backup.
3.3 How to Setup a Recycle Bin Task
By default, the recycle bin will retain files until you empty it. However, there’s an easy way to set up a schedule so that your NAS automatically deletes these old files after a certain period of time.
1. Open Control Panel and select Task Scheduler.
2. Select Create, then Scheduled Task, then Recycle Bin.
- General: Enter a Task Name.
- Schedule: Specify when you’d like the task to run.
- Task Settings: Specify if you’d like all recycle bins to empty or only specific ones.
- Retention Policy: This is an important step! I retain all deleted files for 14 days, but this is completely personal preference. This setting specifies when files are deleted. There are also advanced settings you can check.
This is very important because when you’re using a NAS, you generally have data rotating like snapshots and backup files. This means that if you don’t set up a recycle bin emptying schedule, your old files will pile up and take up unnecessary space. A small step that really helps!
3.4 How to Setup the Storage Analyzer
The storage analyzer allows you to see what files/folders are taking up space on your NAS and if any duplicates exist. It’s a powerful tool that periodically comes in handy.
1. Open the Package Center, search for Analyzer, and install the Storage Analyzer package.
2. When it’s done installing, open the package. You will be asked to specify a location to save your reports. Select Yes. Specify a location to save your reports and the frequency you’d like reports generated.
3. A wizard will then start that assists you in the creation of the scheduled task. Give your report a name and specify the total number of reports you’d like to keep.
4. Keep all Report Types selected (unless you don’t want specific ones generated) and click Next.
5. Specify when reports should be generated and if they should be generated now.
6. At the next screen, you’ll be brought to a page where you can select individual shared folders. It’s best to keep the default option Automatically include all existing and future shared folders selected and proceed.
7. Keep the default values for duplicate files and proceed.
8. Click Apply. Your task is now created!
This might not seem important on the surface, but understanding how your storage is being used is integral!
3.5 Uninterruptible Power Supply (UPS)
If your data is important to you, a UPS is the cheapest security blanket you can buy. It ensures that consistent power is delivered to your NAS and in the event of a power outage, it can safely power down your NAS. If you don’t have a UPS, it requires an additional purchase, but in my opinion, it’s well worth it. Here is a link to my favorite UPS (that I own). If you’d like to buy a UPS, but spend a little less, here is another great option which has USB data transfer as well so it can automatically turn off your NAS! When you purchase a UPS, plug in the USB cable to your NAS and enable UPS support (Control Panel, Hardware & Power, then UPS).
NOTE: If you’ll only be using a UPS for your NAS, this option is more than capable! Save the money as you don’t need anything more!
When you get your UPS, follow these instructions to configure it.
1. Open Control Panel, Hardware & Power, then UPS.
2. Enable UPS support. You can then configure the time before your NAS enters safe mode, and even shut down your UPS if you’d like.
4. Security - Ultimate Synology NAS Setup Guide
The security of your NAS is incredibly important. I am going to go over a few basic settings that can be changed to secure your NAS. It’s important to note that cybersecurity is always evolving and staying up to date with best practices is important. These are things I normally change, but depending on your needs, you can potentially secure your NAS even further.
If you aren’t exposing your NAS to the internet, some of these settings won’t affect you. However, it’s still a good idea to change them. If you are exposing your NAS to the internet, these settings are mandatory!
NOTE: to see security, you will need to go into the advanced mode of your Control Panel (top right).
4.1 How to Setup Synology NAS DSM Update Settings
If you do nothing else, installing Synology’s newest updates should at the top of your list. Not only do you get new features, but more importantly, you get the newest security enhancements.
1. Open Control Panel and select Update & Restore.
2. Select Update Settings and Automatically install the new update. Pick a date and time (preferably during the middle of the night) that updates will install.
4.2 How to Change Default Ports
By default, Synology sets the default HTTP port to 5000 and the default HTTPS port to 5001. I always change these ports as it’s a good security practice to do so. If you don’t intend on exposing your NAS to the internet, I wouldn’t say it’s necessary, but if you do intend on exposing it, I would change these ports.
1. Go to the Control Panel and select Network. Select DSM Settings and change the default ports from 5000/5001 to the ports of your choosing. After making the change, DSM will restart your web server. NOTE: Make sure the ports you picked are not currently being used.
4.3 How to Enable Denial-of-Service (DoS) Protection
A Denial-of-Service (DoS) attack’s purpose is to shut down your machine or network making it inaccessible. Synology has an easy way to protect against this.
1. Open Control Panel and select Security.
2. Select Protection and enable DoS protection. NOTE: you will need to do this for every network interface that you have.
4.4 How to Configure Auto Block
1. Open Control Panel and select Security.
2. Select Account. Ensure Enable auto block and Enable Account Protection is selected. These are somewhat redundant, but it can’t hurt to have both on.
4.5 How to Setup the Synology NAS Firewall
Synology’s firewall monitors incoming and outgoing network traffic and permits or blocks data packets based on the security rules defined. This is incredibly important, as this firewall will be what determines which traffic should be permitted to your NAS.
Firewall rules are completely dependent on what you’re using. Meaning that someone who is using SSH will have an “allow” rule for SSH, while someone who isn’t will block it. For this reason, I can’t go over exactly what you should add, but I will go over a few fundamentals.
- Firewall rules are executed top to bottom. Meaning that all “allow” rules must be at the top of the list, with a “deny all” rule at the bottom. When traffic enters the NAS, it will go through the list and if it isn’t explicitly permitted, the “deny all” rule will block traffic. TLDR: put your allow rules at the top and the deny all rule at the bottom.
- You shouldn’t open ports to applications you aren’t actively using. For example, you might have SSH enabled, but it’s a good idea to turn off SSH when you’re done and to remove the “allow” firewall rule.
- As you add new packages to your NAS, new “allow” rules will need to be created. Your NAS will generally inform you that you need to create a new rule when you finish installing/configuring a new package.
1. Open Control Panel and select Security. Select Firewall and Enable the firewall. When done, select Edit Rules.
2. At this point, you will need to create rules that allow traffic into your NAS. The first thing you need to ensure is that you allow traffic to DSM. Select Create and when the firewall rules criteria appears, check off select from a list of built-in applications. Select the Management UI checkboxes, click OK, and then add the rule.
- NOTE: Technically, you only need to create one “allow” rule which is a combination of all of the ports that you’d like permitted. However, if you want to allow traffic to certain ports by IP subnet (for example), you should have one rule per service/application. TLDR: create one rule per application so that you can easily manage them.
3. Go through all of the applications and ensure that you are allowing traffic where necessary.
4. At the bottom (as your last rule), create a “deny all” rule.
5. When you’re done adding all of your rules, Apply your changes.
Your firewall is now activated! This is something that you will constantly have to maintain by adding new rules and removing older ones no longer needed. Remember, cybersecurity must be maintained! Unfortunately, “set it and forget it” won’t work in this case.
4.6 How to Enable Two-Factor Authentication
I know…it’s annoying, but it works. Two-factor authentication ensures that if your password is compromised, you have an additional layer of security that ensures your account cannot be accessed.
1. Select the Person icon in the top right and select Personal.
2. Select Enable 2-step verification. The email service will need to be enabled for this. You can learn how to configure Gmail to send email notifications here.
These are simply suggested approaches to securing your NAS. Ultimately, exposing your NAS to the internet is an inherent risk that makes the security practices above (and potentially more) mandatory. If you don’t want to use QuickConnect, consider setting up a VPN so that you can only allow traffic to your NAS from internal IP addresses.
5. Additional Recommendations - Synology NAS Setup
I didn’t create full tutorials for these items, but these are a few things I’d suggest considering. If you’d like written instructions for any of these, leave a comment!
5.1 Synology's QuickConnect
QuickConnect allows you to access your NAS from outside of your network. This is Synology’s way of ensuring you don’t need to open ports to your NAS to access your data externally. I don’t use this, but there’s nothing wrong with using it. The way that I access my data from outside of my network is through my VPN. Keep in mind that if you do use this, technically, you’re trusting Synology’s ability to secure your data. Look into configuring a VPN Server on your NAS if this bothers you.
5.2 Dynamic Domain Name Service (DDNS)
Having a DDNS hostname ensures that you are always connecting to your external IP address. Most providers assign dynamic external IP addresses to clients which means that your current external IP address might not be the same tomorrow or two weeks from now. Synology provides a free “synology.me” DDNS hostname (which I use on my production server), but if you’d like to use DuckDNS instead, I wrote up a tutorial on how to configure it.
5.3 Rsync Service
If you have Linux PC’s and would like to back them up using Rsync, enable Rsync in the File Services menu (and create a firewall rule to allow traffic). Here are three tutorials that will show you how to backup and restore a Linux PC, and one that automates the backup process!
RAID IS NOT A BACKUP! If the data on your NAS is important to you, you need to back up your data. Following the 3-2-1 backup rule, you must have three copies of your data, on two storage mediums, with one off-site. If you’d like to see how to back up your NAS to a Raspberry Pi or Backblaze B2 (cloud provider), please check out our tutorials!
6. Conclusion - Ultimate Synology NAS Setup Guide
This is a list that will continue to grow and these items are just general guidelines. I am hopeful that it will help you setup and configure your Synology NAS. Not everyone will implement everything, but it’s a good starting point that you can build on! If you have any questions or would like to request a tutorial, please leave a comment!
Please consider checking out our other tutorials if you found helpful! We have videos for all of our tutorials on YouTube as well!