Thank you for the comprehensive overview. Especially after QLocker, I've been looking for ways to further secure my NAS.

@MikeFaucher

3 жыл бұрын

Thanks. This is a pretty good start for them and they do have an updated version coming very soon from what I was told.

Thanks for this excellent video Mike. It was exactly the tutorial and level I needed to troubleshoot my new QNAP NAS setup. I was receiving threshold alerts every hour after installing QuFirewall. I was able to diagnose the offending internal IP address and create a rule for it. Resolved my issue with exceeding the alert threshold. I'm looking forward to exploring more videos from your channel.

@MikeFaucher

11 ай бұрын

Awesome and thanks for the feedback. Glad it helped.

Thank you kindly. Excellent overview

@MikeFaucher

2 жыл бұрын

Glad it was helpful! Thank you!

With all the recent ransomware attacks on QNAP NASes I thought it time to disable the myQNAPcloud link. Instead I set up the OpenVPN on my router to access it. But the connection couldn't get past QuFirewall. Thanks to your explanation I was able to resolve it. 👍

@MikeFaucher

2 жыл бұрын

Outstanding. Glad it helped and good choice on setting a VPN.

@kimlynch5526

2 жыл бұрын

@@MikeFaucher so if router has VPN on it is that better than using QNAP VPN? Do you use a free VPN app on android?

@H4stur

2 жыл бұрын

@@kimlynch5526 Not sure if it's better. But I thought that it would make more sense. Instead of sending data back and forth between the NAS and the router with QVPN. Yes, I use the OpenVPN Connect app on Android.

@MikeFaucher

2 жыл бұрын

@@kimlynch5526 If you are using OpenVPN it does not matter which one, but it is usually easier to set up on the router as many do not need port forwarding if you use the router. As for the Android app, just as with IOS or windows I only use the OpenVPN app. Hope that helps.

@kimlynch5526

2 жыл бұрын

@@H4stur Could you tell me the app on android you are using? Thanks

Thank you for presentation!

@MikeFaucher

2 жыл бұрын

No problem. Thanks for the feedback.

excellent video, clear, concise and very explanative.

@MikeFaucher

Жыл бұрын

Thanks for the comment, glad you found it useful and appreciate the feedback.

Brilliant video, this is so useful, thankyou ... I had been worried about the amount of packets mine was blocking and didn't have any real understanding about why or how to analyse which packets were being denied until this video. I am now heading straight over to Wireshark to install and hopefully tweak the firewall to work more effectively for me. I second Don's earlier comment, Qnap should be paying you if they aren't already!

@MikeFaucher

3 жыл бұрын

Thank you so much. No they are not paying me I do this cause I want to help others from the issues I go through. I do wish they would let me test some of their hardware before tossing it to the public though, I might be able to help.

@n1ckyr930

3 жыл бұрын

@@MikeFaucher I wish they would let you test it too, you are my go to channel now for Qnap info/support because you give much clearer and easy to follow information than Qnap themselves!

@MikeFaucher

3 жыл бұрын

@@n1ckyr930 Thank you. I have a few more QNAP videos on the schedule. I actually will be working with their tech support tomorrow to learn how to better isolate events that the capture does not find in QuFirewall. If I find anything I will make a short video on it. Thanks for the feedback and for watching.

Thank you for this!

@MikeFaucher

Жыл бұрын

Thanks, glad you liked it.

great tutorial. thanks

@MikeFaucher

3 жыл бұрын

Thanks for the feedback I appreciate it.

Excellent Video Mike! Thank you so much for putting this together. Followed your video and enabled the QuFirewall and set it up for subnet only connection. I started noticing that right away the log started going thru the roof and would receive warnings every hour. I captured the files and to my surprise, there were a lot of overseas IPs trying to access the NAS. I started to panic and unplugged the NAS from internet physically. I am not sure how to describe it, again to my utter disbelief, the amount of hits were the same. Even more surprisingly, the log was exactly in the same sequence. If you sort by time or IP address, you would see the exact IP numbers in the same sequence and the same number of times. It appears that the capture file is filled with bogus data to panic users. I am starting to loose faith on QNAP. Also, I captured files on different dates and times. and they all contain the same exact info. I hope I am doing something wrong. If not, it is very bad scam on QNAP's part. Would you be able to let me know if you can replicate this issue? Thanks again Mike! You are doing a great service to the humanity!

@MikeFaucher

3 жыл бұрын

It sounds like you found something worth looking at. If you are seeing many of the same IP in the capture file I would look those IP addresses up to see if it is something malicious by just googling who is IP NUMBER. I also would not use the subnet only as that is pretty restrictive. Remember it is not QNAPs fault necessarily if something is banging your NAS. Problem could be in your firewall or it may not be a problem at all, based on the source There are many sites based on your configuration that could be legitimately communicating with your NAS, It is important that you tract know this IP addresses and understand the source. Remember it is better to know than not know especially if they are malicious. One thing I can say is that the packet capture files are not bogus, The software does trip on false positives but the capture file are real as I validated them using wireshark on my network. My suggestion is this, go and follow my security settings video and make sure are configured correctly. Change to basic security and rerun it. See if that improves it, If you still get some events, then rerun the packet capture. If you still feel there is an issue, reach out to their torch support as they are very quick. I just worked with them on a simple issue and they have a new version of QuFirewall coming in the next few weeks. If will address some false positives. I hope that helps and please post your progress. If you can post some of the malicious IP numbers so we can check them out.

@bigthoma2000

3 жыл бұрын

@@MikeFaucher Hi Mike, thanks for the quick response. I will change the setting to Basic tonight and see if that makes any difference. I had the internet connection physically unplugged. So there couldn't be anything coming from outside. There is a wifi router and a switch in the network and few other devices connected through wifi. Could one of those be appearing as the outside IPs? The IPs in the capture file is a scary long list including China, Russia, India, Kazakhstan etc. I can send you the exact ip addresses if you are interested. Again, no matter how many times I run the capture, the files look exactly the same and the sequence these IPs appear are also the same. I am planning to take the NAS completely off of the network tonight and directly connect and rerun the tests to see what it gets me. Will let you know the result.

@bigthoma2000

3 жыл бұрын

​@@MikeFaucher Hi Mike! I tested with directly connecting my laptop to the NAS. NAS is not connected to anything else. Still the capture files look exactly the same as before. Tested with Subnet Only and Basic settings. Same result. Not sure what I am doing wrong. Here are some of the IPs coming up on the list: 88.204.193.25; 80.95.91.212;78.85.5.239;126.88.242.33;77.82.145.196;45.144.113.128;207.180.192.206;154.45.216.229;173.249.33.72;173.249.33.73;37.21.187.236 The list goes on. I am totally baffled. Not sure where this is coming from. Again only my laptop connected to the NAS; nothing else.

@MikeFaucher

3 жыл бұрын

@@bigthoma2000 IF your laptop is connected to the internet, it will most likely see the same thing. Looking at some of the IP addresses they seem to be data and communications companies. Are you running any VOIP, torrents, or TV service appl on any of your computers? Based on what I see, the issue is to your entire network, not just the NAS. I would try and disconnect the NAS (unplug the ethernet), then run Wireshark (just a basic capture) and see if this is a global problem on your network. My guess is that it is. QuFirewall may have just identified an issue you did not know you have. If I am right, then you have much more troubleshooting to do.

@bigthoma2000

3 жыл бұрын

@@MikeFaucher Hi Mike, I did some more troubleshooting. Now I don't think I can believe the information in the capture file is accurate. When I am running wireshark on the network, none of the public IPs mentioned in the QFire capture files came up with or without QNAP being in the network. Another test- Unplugged QNAP from the network and directly plugged into my laptop and then did a Wireshark capture. Again, none of the IPs mentioned QuFireWall capture come up. If I do a QFirewall in that setup, all those IPs still show up. I had the wifi disabled on the laptop when these tests were run so there is no internet connectivity at all. Also, tested with two different laptops to rule out possibilities of a program on one laptop banging the QNAP. To clarify, on the QUFirewall capture, these suspicious IPs appear as source and the QNAP is the destination. The strange thing is that all the capture files are identical. All the IPs listed are the same and come up in the same sequence. The only thing I can think of is that somehow the capture file is not being updated. I must be getting some old data from cache of some sort may be? I have tried the capture time set to 15 sec and 30 sec and 30 minutes and and stopping while it is capturing- all different flavors. However, the data in the files appear to be the same. I am now totally baffled by these capture files.

Thanks for the video - Very well explained

@MikeFaucher

3 жыл бұрын

Thanks , appreciate it.

Great tutorial Mike! If i set static LAN address for NAS and router i don't need DDNS?

@MikeFaucher

Жыл бұрын

No, you can use the default as it should be fine. Thanks for the feedback.

Hey Mike - Your tutorial video on QNAP firewall is very well structured and informative. One question : Under basic protection rule the second rule allows any source from your home country..in your case US . I see that we do have option to add more counctries in the edit mode for the rule. Do we have to add the country to which you yourself are travelling to for say a holiday so that you are able to access it whilst travelling to that other country and don't get a denial ?

@MikeFaucher

Жыл бұрын

No, typically you do not have to add countries you are traveling based on to assumption that you are accessing through a VPN or other secure relay site and not trying a direct connect. The allow rule is mostly for services that may be accessing your network through another devices or cloud service. Not all threats come from the NAS but rather from other devices. Hope that helps and thanks for the feedback. One other thing is that you actually do not need to allow any country which is how I ended up setting all of mine.

@nitinwaje9395

Жыл бұрын

@@MikeFaucher Thanks Mike for explaining it in detail .

hi, i have seen your video on how to connect qnas to pc, i just currently purchaced a asus crosshair dard hero motherboard and i comes with 1 gigabit land and a 2.5 gigabit ethernet , i am connecting a 6 bay qnap with 1, 5, 10, gigabiy , my question is if i connect the pc & the nas directly , how do i accses the qnap nas files without syncing the both together, and having all those files in my pc ,,, any help would be appreciated , thank you

@MikeFaucher

3 жыл бұрын

Accessing the files on your NAS whether or not you connect direct for speed or to your network is basically the same. You are not copying or syncing files to your PC, but accessing the files directly on the NAS by the IP address or by mapping a network drives. The direct connection is just a way of using faster network devices such as 2.5GbE and bypassing the limitations of the switch. If you are new to using a NAS, I would suggest connecting it to your network first as it may make more sense and then later going for the speed or direct connect. Hope that helps.

Hi MIke, Your video on QuFirewall was a great help to understand the application, however prior to installing QuFirewall I was able to access the NAS from my office PC using Open VPN. After installing QuFirewall & looking at your video on QuFirewall I set an rule to setup ip port range the open vpn connects to my home network from my office pc but QuFirewall blocks my access to the NAS drive if I disable the QuFirewall on my NAS drive all works fine, can you kindly assist me what I am missing or doing incorrectly? Will be most obliged, many thanks, kind regards.

@MikeFaucher

2 жыл бұрын

The issue is with the rule itself or the position. Make the rule is at the top and that it spans the whole in range of OpenVPN. Also are you using OpenVPN as a tunnel? If you are not you may need do a capture to see if you need to allow another range.

Hi Mike, thanks for the video. I just wanted to clarify... if I use these settings you have, but I add in my dedicated VPN IP, then only I can access my QNAP NAS externally? Or does the Region setting set to United States allow pretty much all internet traffic within the US to access my QNAP NAS?

@MikeFaucher

Жыл бұрын

As long as your VPN is based on one of your devices, you are good to go, and it does not matter which region you are in. I use Tailscale and have accessed my NAS in the US from the UK and France without any issues. The VPN provides access from wherever you are to your local network. I have some videos on this topic on my channel that may help.

I can't even get qufirewall open. No idea where to find it. In the app store, it says there are no updates available but also no evidence of qufirewall being on my NAS

@MikeFaucher

Жыл бұрын

Assuming you are using a Qnap, you can launch it from the app store, search from the search function in the top menu, or go to the left side of your screen under the triple menu bars and should see it there. Hope that helps.

do you have a newer video? suddenly getting a lot of 'events' notifications recently, but it's entirely unclear what they are

@MikeFaucher

6 ай бұрын

There one more newer than this on channel but I working on an update for 2024.

I have this but don't how to use it. I took my nas offline ever since i looked at the logs and saw many attempts to log in mostly from asia area.Is there a way to change the qnap login port from 8080 seems like every one knows that port. I will study this video thanks very much

@MikeFaucher

3 жыл бұрын

Glad it helped. You can change the port from the control panel, general settings, and system administrator settings. Remember that block event are better than if they got in. You just need to know who and why.

@ronkali5365

3 жыл бұрын

@@MikeFaucher Thanks got the port change, now to study your video.Over 1,000 packets as i said i had this for a while. I deleted and reinstall, will start from fresh following your video

@MikeFaucher

3 жыл бұрын

@@ronkali5365 Good luck and thanks for the feedback. Working with tech support at QNAP to better refine how to troubleshoot. Hopefully, they will come through. Keep me posted.

Here's a trick: if you're migrating hard drives from one QNAP to a new one, make sure to add rules to the firewall to allow access to ALL adapters on your local network. My old QNAP had rules setup for adapter 2 & 3, but the new device the order was different and I was only plugged into adapter 1. When I installed qufirewall it inherited the old NAS rules and disallowed all traffic on adapter 1. Luckily the new one had HD station so I use it while hooked up to a monitor, but it took me way longer than I'd like to admit to figure out why I couldn't access the NAS over the network when I enabled the firewall

@MikeFaucher

2 жыл бұрын

Interesting. Had not thought of that one. I allow all local anyway but that is good to know. Thanks for sharing.

QNAP software is generally very buggy. Hit F12 next time you login and look in the console tab of the Chrome debugger. You can see just how sloppy they are.

@MikeFaucher

6 ай бұрын

I will check that out. Thanks for the feedback.

Hey thanks for the video, For the life of me, I've not been able to figure out how to configure QuFirewall so as to be able to access me Plex server remotely, If I turn it off, Plex works fine remotely, I have no idea what am doing wrong, I've added my Plex IP in QuFirewall yet nothing's changed, I need help pla. Thanks

@MikeFaucher

Жыл бұрын

Are you accessing it with a VPN or other service? Look at the IP address your client is using when it connects. Typically if you use a VPN or another service, your client will get another IP, such as OpenVPN issues 10.281..x.x address which QUFirewall will block unless you create an allow rule.

@eigh8plus

Жыл бұрын

@@MikeFaucher Thanks for the reply, I'm not using any VPN, I have a static IP address from my provider, I've tried creating a rule with the IP address of my Qnap which happens to be the IP address of my Plex server, I have no idea if I did it right

@MikeFaucher

Жыл бұрын

@@eigh8plus Your Qufirewall rull needs to allow any request from the plex port. You can not create a rule allowing your NAS, but rather you need a rule that allows your WAN IP with the PORT number to pass through. Remember QuFirewall is not a global firewall it is something that blocks access to your device (NAS). This configuration sounds extremely dangerous, as you should not be able to access your Plex directly from the outside. If this is what you are going to do, then you need to allow the IP that is coming in from access to your device. I would expect you to have a port forwarding rule in your router that takes the outside request and forwards it to a local IP address. QuFirewall should not block this. I really need to see more of your configuration. I you still can't get it to work, send me screen screenshots to the email that is on the about page so we can figure this out.

@eigh8plus

Жыл бұрын

@@MikeFaucher I did exactly as you stated here, opened a port in my router for Plex, and created a rule in QuFirewall with my WAN and the Plex port, and everything seems to be working fine, thanks for your help

@MikeFaucher

Жыл бұрын

@@eigh8plus Did you do a port forward in your router? You should not have to put your wan in qufirewall. Glad it works but it seems dangerous.

I cant change profile. Instant error. It's not on basic profile. I had over 24000 notifications in 24 hours.

@MikeFaucher

2 жыл бұрын

Uninstall the app and re-install it. Sounds like something is corrupted.

@frederickwoof5785

2 жыл бұрын

@@MikeFaucher Thanks, I created a new profile from scratch, it seems to work.

@MikeFaucher

2 жыл бұрын

@@frederickwoof5785 Great! Thanks for the update.

Its mad that Synology has had a firewall for years and QNAP is only just doing it now.

@MikeFaucher

2 жыл бұрын

Can't argue that but I am glad they finally put it in and are improving it.

@StefanBChristensen

2 жыл бұрын

It's no like QNAP first got "a firewall" now. They have had that for as long as I can remember as part of the normal configuration program. It just got a more fine grained dedicated app for doing it now. I've been using QNAP for more than 14 years and they've always had basic firewall in Settings -> Security section that includes "Allow/ Deny lists", later with "Service Binding", "Account Access Protection", and more... But the dedicated app is definitely a nice step up 👍

@ecotts

Жыл бұрын

@@MikeFaucher 11 months on QNAP has made zero improvements. 😃 Synology for the WIN!

@ecotts

Жыл бұрын

@@StefanBChristensen That wasn't a firewall, that integrated thing couldn't do ports, protocols or anything else other than IPs

@MikeFaucher

Жыл бұрын

@@ecotts Good luck and thanks for the feedback.