Your Synology DiskStation is mostly a set-and-forget device, low on maintenance. But you’d better become familiar with the most common settings in case you need them along the way.
This post on configuring and maintaining your Synology NAS is the sixth part in a series on getting started with your NAS.
Configuring And Maintaining Your Synology NAS
Now that you have your DiskStation up and running, it is time to dig a level deeper to keep it running in the long term. First, I will show you some settings you made during the initial installation and allow you to change them if needed. Next, we go through some settings that help you make your DiskStation operate more securely.
Review Initial Setup
During the initial installation, I encouraged you to enable QuickConnect. QuickConnect is a zero-configuration technique that lets users connect over the internet to the DiskStation. However, QuickConnect relays all traffic to and from the DiskStation via Synology servers.
You could have privacy concerns aside from the delay compared to a direct connection. In addition, everybody can connect to your device, so invalid login attempts are possible.
Open Control Panel, QuickConnect in the Connectivity group, and remove the checkmark at Enable QuickConnect. Click the Apply button to confirm the change.
During the initial installation, there were two other instances where you could choose: device analytics and share network location. To control these settings afterward, open Control Panel, Info Center in the System Group, and the Device Analytics tab. Here you see both options, and you can change them anytime.
Your DiskStation has an operating system (DSM) and applications or services (packages) that run on it. Synology regularly updates both, and you can configure whether or not these are updated automatically or manually.
For updates of DSM, open Control Panel, Update & Restore in the System Group. The first tab, DSM Update, shows the model name, current DSM version, and status. Click on the Update settings button. Here you can choose between an automatic update or a notification that a new update is available. For DSM updates, I prefer a notification. Also, note the schedule for when the DiskStation checks for updates.
When you receive a notification, you go to this same page, and the status will offer you an update link. For the DiskStation to be able to notify you, you have to configure your email address. In Control Panel, Notification in the System group, enable email notifications and fill in the fields. I found the subject prefix very handy as it helps me recognize which email comes from my DiskStation.
For package updates, open Package Center and click on the Settings button in the top-right corner. On the General tab, enable mail notifications if you like to receive an email notification about package updates. You can also allow desktop notifications, which means you are notified of an update when logging into the DSM desktop. The Package Center has a red dot and the notification icon as well.
Select the Auto-Update tab, and check Update packages automatically if you like this setting. You now can choose between automatic updates of all packages or only selected ones.
There are a few recommended network configurations that you can consider. Open Control Panel, Network (Connectivity group).
The first recommendation is to give your DiskStation a static IP address. It is common to provide servers in a network a fixed address, in contrast to a dynamic address for clients. Unless you are familiar with IP addressing, I suggest skipping this step to prevent accidents.
If you are familiar with what an IP address is, go to the Network Interface tab, select the LAN interface connected, if your DiskStation has multiple LAN ports, and click on the Edit button. Choose Use manual configuration and fill in IP address, subnet mask, gateway, and DNS server. Click OK to confirm.
Next, move over to the DSM Settings tab. At the top of this page, you see the DSM ports. It is a safety measure to alter the default ports. But unless you plan to connect to your DiskStation over the internet, I see no reason to change it now.
The setting Automatically redirect HTTP connection to HTTPS is a good practice. The DiskStation comes with a certificate for this purpose. Please note, however, that your browser will complain about it and generate a security alert because it is a self-signed certificate.
That is completely fine and follow the instructions in your browser to allow using this certificate and the HTTPS connection. Below this setting is Enable HTTP/2. Enable this too.
There are also a few recommended security configurations that you can consider. In Control Panel, select Security in the Connectivity group. You might not find these relevant if you do not open your DiskStation from the internet. That is true, but not entirely. Consider that your internet router or a client on your network is compromised, and malware is looking on the same network for new targets. This is not science fiction but an everyday reality.
First, notice the logout time at the top of the Security tab. The default is 15 minutes. Also, note two check marks for ‘Improve protection against…’ and ‘Improve security with…’. The next option, Do not allow DSM to be embedded with iFrame, is also recommended.
Next, switch to the Protection tab, and enable the DoS protection.
Last, switch over to the Account tab, and enable autoblock. This will automatically block an address after failed login attempts. Stick to the default values and enable block expiration. Unblock after one day. This is to prevent you from forever blocking yourself.
Click on the Allow/Block List button. Click on Create, select Subnet at the top, and enter the IP address range and subnet mask. If you are not familiar with this matter, skip this step or ask a friend who is.
Theme And Regional Configurations
After all these sophisticated nuts and bolts, now some more fancy stuff for a change. Open Control Panel, Theme (System group). On the Login Style tab, you can change the login page. On the Theme tab, you can choose between a Light and Dark theme.
In Control Panel, go to the Regional Options (System group). On the Time tab, under Date & Time, change the date and time format to your liking and adjust the time zone if necessary.
Your DiskStation can inform or alert you about a broad range of conditions whenever they occur, like a volume in low capacity or backup status. You can receive notifications via email, a text message (SMS), or a mobile device. Please install the DS finder app on your mobile device for the last option.
In Control Panel, go to Notification (System group). On the Email tab, configure your email account. Send a test email with the button at that tab.
Go to the Advanced tab, browse through the list of events and make any changes if needed. Note that services or applications you install later are added to the list with their events. Therefore it makes sense to come back later and make necessary changes to notifications.
In Control Panel, open Hardware & Power (System group). Review the settings on the General tab. Most settings are self-explaining, like beep control and fan speed mode. You can even adjust the brightness of the LEDs on the exterior of your DiskStation.
Switch to the Power Schedule tab. Here you can create a startup and shutdown schedule. Before you ask yourself why you should do this first, it is widespread to leave a DiskStation powered 24/7, and if not in use, it goes into sleep mode.
However, you can define power schedules if you use your DiskStation only a few times per week or for backup only during an hour at night. Maybe you like to start your DiskStation manually if necessary, but define a shutdown schedule at 11 pm every day.
If you have a UPS or uninterruptible power supply, switch to the UPS tab. Ensure you have the USB cable between the UPS and the DiskStation. Enable UPS support (check), shutdown UPS when the system enters Safe Mode (check), and if you have more DiskStations, also Enable network UPS server and configure the other DiskStations via the Permitted DiskStation Devices button.
Your DiskStation can make a backup of its configuration. I immediately warn that not all configurations are in this backup, but some are better than nothing. I discuss the configuration backup in the module on backups in more detail.
For now, it is enough to make such a backup and store it on your computer.
In Control Panel, go to Update & Restore (System group) and open the Configuration Backup tab. Click on the Backup configuration button. After a message about what is backed up, click Yes, and the backup is downloaded to your computer. The file has the following format: DiskStation-name_timestamp.dss.
Good description: https://www.howtogeek.com/318693/how-to-back-up-and-restore-your-synology-nas-configuration/
The Log Center is an application you find in the Main Menu. When you open it, you might get a message about advanced functions. Click OK). It says you can install an advanced version of Log Center from Package Center. This package will replace the limited Log Center application with a more feature-rich version. I will discuss the Package Center in the next module.
In the column at the left, select Logs. You see a list of log entries in the pane at the right. These are from the General log, as you can see at the top of the pane. Click on General and select Connection from the drop-down list. Different log entries appear. Look at the user names listed in the log. I assume these names are familiar. That’s good.
There is more to it, but for now, I am happy that you know there is a log and where to find it. It is a good source for troubleshooting.
Two-step verification, or two-factor authentication, is a very secure way to verify that it is you who logs in and not somebody else pretending to be you, like somebody who happens to know or guessed your user name and password. Even the most robust password is weak because it is based on a single factor: knowledge. Not relying on a password only for authentication is so much better. Introduce a second factor, like something you have, mitigates the risk involved in authentication to a minimum.
I encourage you to enable 2-step verification for at least the administrator account(s) on your DiskStations. When you log on with a user name and password, a second verification step occurs by entering a six-digit number. This number is generated each minute and expires after that period. You can use one of the many authentication apps on your smartphone to generate that number. When you set up 2-step verification, your user account is linked to the authentication app so that the numbers align.
In DSM, you can enable 2-step verification at two levels. One for a specific user and one for users in general. Either way, you must set up your email account in DSM if you lose your smartphone.
To enable 2-step verification for a user, log in as that user. Open the user menu in the top-right corner of DSM, and select Personal. On the Account tab, tick the box Enable 2-step verification. You might get a warning that email notification is not enabled. If so, click Yes and enable it. Next, click on the 2-Step Verification button to start the wizard and follow the instructions on the screen. Make sure your smartphone is ready and install an authentication app like Google Authenticator or Authy.
To enable 2-step verification for users in general, open Control Panel, User. Open the Advanced tab. Go to the 2-Step Verification section, tick the checkmark, and select either the Administrators group users or All users. Notice that further configuration is handled per user at the next login.
If you lose your phone, you can get an emergency code sent to your email account. There is a maximum of 5 emergency codes. Note that you can disable 2-step verification with a physical reset (Level-1).
Thanks for reading
This post configuring and maintaining your Synology NAS is donation-ware, and I made it to help you. Please consider leaving a comment or buying me a coffee if it did, and I will be eternally grateful.
Paul Steunebrink / Storage Alchemist