Search

How to Use QuFirewall

Last modified date: 2022-02-07

About QuFirewall

QuFirewall is a firewall management application for your QNAP device. Integrating a powerful and easy-to-use profile system, QuFirewall lets you control and review connections to your device.

Getting Started

  1. Install QuFirewall on your device.

    For details, see Installing QuFirewall.

  2. Initialize QuFirewall.

    For details, see Initializing QuFirewall.

Installation

Installing QuFirewall

Important:

Before installing QuFirewall, ensure that a default volume is configured on the device. For details, see the volumes section of the QTS User Guide.

Note:

QuFirewall requires QTS 4.5.1 or later.

  1. Log on to QTS as administrator.
  2. Open App Center.
  3. Click .

    A search box appears.

  4. Enter QuFirewall.

    The QuFirewall application appears in the search results.

  5. Click Install.

    The installation window appears.

  6. Select a volume to install QuFirewall.
  7. Click OK.

    QTS installs QuFirewall.

Initializing QuFirewall

This process walks you through the process of configuring QuFirewall. These steps are only required the first time you start QuFirewall.

  1. Open QuFirewall.

    The Get Started wizard opens.

  2. Review the feature integration information.
  3. Click Next.
  4. Select a Firewall Profile.

    Profile

    Description

    Basic protection

    Allows access only to the regional domains specified during the next step.

    Include subnets only

    Allows access only to local network sources.

    Restricted security

    Allows access to frequently used service ports from devices on the local network or regional domains.
  5. Click Next.
  6. Select the region where the device is located.
  7. Click Next.
  8. Optional: Select Enable firewall.
  9. Click Finish.

QuFirewall finishes the initialization process.

Enabling QuFirewall

  1. Open QuFirewall.
  2. Click .

    A confirmation window opens.

  3. Click Yes.

QuFirewall enables the firewall.

Firewall Profiles

This screen controls the creation and configuration of profiles for QuFirewall. Profiles specify which connections are blocked based on a range of criteria. By default, QuFirewall offers several Firewall Profiles to get you started.

Important:

  • You can create up to 10 profiles.

  • Each profile can have a maximum of 128 rules.

Creating a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Click Add Profile > Create Profile.

    The Create Profile window opens.

  4. Specify a profile name.
    Note:

    Requirements:

    • Length: 1-32 characters

    • Valid characters: A-Z, a-z, 0-9

    • Valid special characters: Space ( ), Hyphen (-), Underscore (_)

  5. Optional: Configure the global rules.
    Note:

    Every profile automatically adds two global rules that are configured from QTS. QNAP recommends prioritizing these rules higher than any other custom rules to ensure proper functionality.

    Rule

    Description

    Application

    This rule automatically allows specific applications.

    View the application information by clicking .

    IP Access Protection

    This rule automatically blocks client IP addresses after too many failed login attempts within a specified time period.

    View the IP address information by clicking .

    Configure this rule by going to Control Panel > System > Security > IP Access Protection.
  6. Optional: Add new rules.
    1. Click Add Rule.

      The Add Rule window opens.

    2. Configure the rule.

      Setting

      User Action

      Permission

      Specify whether this rule allows or blocks matching connections.

      Interface

      Specify the network interface to monitor for connections.

      Source

      Specify the connection source for this rule.

      • Selecting Any applies this rule to all connections.

      • Selecting IP allows you to apply the rule to connections from a single IP, a specific subnet, or every IP within a specific range.

      • Selecting Region applies this rule to every connection from one or more specified countries.

        Note:

        You can specify up to 14 regions.

      Protocol

      Specify the IP protocol type for this rule.

      Port

      Specify the service port for this rule.

      This field is only available if the TCP or UDP protocol is selected.

      Note:

      • Ports must be between 1 - 65535

      • This field can have up to 15 ports.

      • Separate multiple ports with commas (,).

      • Use hyphens (-) without a space to indicate a port range.
    3. Click Apply.

      QuFirewall adds the rule.

  7. Click Apply.

    A confirmation window opens.

  8. Click Yes.

QuFirewall creates the profile.

Importing a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Click Add Profile > Import Profile.

    A file explorer window opens.

  4. Identify an existing firewall profile on your local device.
  5. Click Open.

    The Import Profile window opens.

  6. Specify a profile name.
    Note:

    Requirements:

    • Length: 1-32 characters

    • Valid characters: A-Z, a-z, 0-9

    • Valid special characters: Space ( ), Hyphen (-), Underscore (_)

  7. Optional: Configure the global rules.
    Note:

    Every profile automatically adds two global rules that are configured from QTS. QNAP recommends prioritizing these rules higher than any other custom rules to ensure proper functionality.

    Rule

    Description

    Application

    This rule automatically allows specific applications.

    View the application information by clicking .

    IP Access Protection

    This rule automatically blocks client IP addresses after too many failed login attempts within a specified time period.

    View the IP address information by clicking .

    Configure this rule by going to Control Panel > System > Security > IP Access Protection.
  8. Optional: Add new rules.
    1. Click Add Rule.

      The Add Rule window opens.

    2. Configure the rule.

      Setting

      User Action

      Permission

      Specify whether this rule allows or blocks matching connections.

      Interface

      Specify the network interface to monitor for connections.

      Source

      Specify the connection source for this rule.

      • Selecting Any applies this rule to all connections.

      • Selecting IP allows you to apply the rule to connections from a single IP, a specific subnet, or every IP within a specific range.

      • Selecting Region applies this rule to every connection from one or more specified countries.

        Note:

        You can specify up to 14 regions.

      Protocol

      Specify the IP protocol type for this rule.

      Port

      Specify the service port for this rule.

      This field is only available if the TCP or UDP protocol is selected.

      Note:

      • Ports must be between 1 - 65535

      • This field can have up to 15 ports.

      • Separate multiple ports with commas (,).

      • Use hyphens (-) without a space to indicate a port range.
    3. Click Apply.

      QuFirewall adds the rule.

  9. Click Apply.

    A confirmation window opens.

  10. Click Yes.

QuFirewall imports the profile.

Editing a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Identify an existing profile.
  4. Under Action, click .

    The Edit Profile window opens.

  5. Specify a profile name.
    Note:

    Requirements:

    • Length: 1-32 characters

    • Valid characters: A-Z, a-z, 0-9

    • Valid special characters: Space ( ), Hyphen (-), Underscore (_)

  6. Optional: Configure the global rules.
    Note:

    Every profile automatically adds two global rules that are configured from QTS. QNAP recommends prioritizing these rules higher than any other custom rules to ensure proper functionality.

    Rule

    Description

    Application

    This rule automatically allows specific applications.

    View the application information by clicking .

    IP Access Protection

    This rule automatically blocks client IP addresses after too many failed login attempts within a specified time period.

    View the IP address information by clicking .

    Configure this rule by going to Control Panel > System > Security > IP Access Protection.
  7. Optional: Add new rules.
    1. Click Add Rule.

      The Add Rule window opens.

    2. Configure the rule.

      Setting

      User Action

      Permission

      Specify whether this rule allows or blocks matching connections.

      Interface

      Specify the network interface to monitor for connections.

      Source

      Specify the connection source for this rule.

      • Selecting Any applies this rule to all connections.

      • Selecting IP allows you to apply the rule to connections from a single IP, a specific subnet, or every IP within a specific range.

      • Selecting Region applies this rule to every connection from one or more specified countries.

        Note:

        You can specify up to 14 regions.

      Protocol

      Specify the IP protocol type for this rule.

      Port

      Specify the service port for this rule.

      This field is only available if the TCP or UDP protocol is selected.

      Note:

      • Ports must be between 1 - 65535

      • This field can have up to 15 ports.

      • Separate multiple ports with commas (,).

      • Use hyphens (-) without a space to indicate a port range.
    3. Click Apply.

      QuFirewall adds the rule.

  8. Click Apply.

    A confirmation window opens.

  9. Click Yes.

QuFirewall saves the profile.

Duplicating a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Identify an existing profile.
  4. Under Action, click > Duplicate.

    The Duplicate Profile window opens.

  5. Specify a profile name.
    Note:

    Requirements:

    • Length: 1-32 characters

    • Valid characters: A-Z, a-z, 0-9

    • Valid special characters: Space ( ), Hyphen (-), Underscore (_)

  6. Optional: Configure the global rules.
    Note:

    Every profile automatically adds two global rules that are configured from QTS. QNAP recommends prioritizing these rules higher than any other custom rules to ensure proper functionality.

    Rule

    Description

    Application

    This rule automatically allows specific applications.

    View the application information by clicking .

    IP Access Protection

    This rule automatically blocks client IP addresses after too many failed login attempts within a specified time period.

    View the IP address information by clicking .

    Configure this rule by going to Control Panel > System > Security > IP Access Protection.
  7. Optional: Add new rules.
    1. Click Add Rule.

      The Add Rule window opens.

    2. Configure the rule.

      Setting

      User Action

      Permission

      Specify whether this rule allows or blocks matching connections.

      Interface

      Specify the network interface to monitor for connections.

      Source

      Specify the connection source for this rule.

      • Selecting Any applies this rule to all connections.

      • Selecting IP allows you to apply the rule to connections from a single IP, a specific subnet, or every IP within a specific range.

      • Selecting Region applies this rule to every connection from one or more specified countries.

        Note:

        You can specify up to 14 regions.

      Protocol

      Specify the IP protocol type for this rule.

      Port

      Specify the service port for this rule.

      This field is only available if the TCP or UDP protocol is selected.

      Note:

      • Ports must be between 1 - 65535

      • This field can have up to 15 ports.

      • Separate multiple ports with commas (,).

      • Use hyphens (-) without a space to indicate a port range.
    3. Click Apply.

      QuFirewall adds the rule.

  8. Click Apply.

    A confirmation window opens.

  9. Click Yes.

QuFirewall duplicates the profile.

Exporting a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Identify an existing profile.
  4. Under Action, click > Export.

QuFirewall prepares the file for download.

Deleting a Firewall Profile

  1. Open QuFirewall.
  2. Click Firewall Profiles.
  3. Identify an existing profile.
  4. Under Action, click > Delete.

    A confirmation window opens.

  5. Click Delete.

QuFirewall deletes the profile.

Firewall Events

This screen displays previously logged firewall events.

Filtering Firewall Events

  1. Open QuFirewall.
  2. Click Firewall Events.
  3. Click Filter.

    The Filter window opens.

  4. Specify the filter criteria.

    Criteria

    User Action

    Day Period

    Specify a date range for the filtered events.

    Time Period

    Specify a time period for the filtered events.

    Interface

    Specify the network interface connected to the filtered events.

    Port

    Specify the service port connected to the filtered events.

    Source

    Specify the connection source of the filtered event.

    • Select IP to specify a specific IP address.

    • Select Location to specify a specific country.
  5. Click Search.

QuFirewall filters the firewall events.

Exporting Firewall Events

  1. Open QuFirewall.
  2. Click Firewall Events.
  3. Click Export.

    A confirmation window opens.

  4. Click Save.

QuFirewall prepares the file for download.

Capture Events

This screen allows you to capture all the denied packets during a specified duration of time. After capturing the packets, you can download a text file and inspect the involved sources, protocols, and ports.

Capturing Denied Packets

  1. Open QuFirewall.
  2. Click Capture Events.
  3. Optional: Specify a duration.
    Note:

    The duration must be between 10 seconds and 30 minutes.

  4. Click Start Packet Capture.

    QuFirewall begins listening for denied packets.

  5. Wait for the specified duration.
    Tip:

    Click Stop to stop the capture process early.

  6. Click Save.

QuFirewall prepares the file for download.

Settings

This screen provides access to configuration options for QuFirewall.

Configuring GeoIP Update Settings

The GeoIP database identifies the geographic location of a connecting device.

  1. Open QuFirewall.
  2. Click > Settings.

    The Settings window opens.

  3. Go to GeoIP Update.
  4. Select when to update the GeoIP database.

    Option

    Description

    Do not check for GeoIP database update automatically

    QuFirewall does not automatically check for GeoIP database updates.

    Remind me when checking a new GeoIP database

    QuFirewall sends a notification when opening the application if an update to the GeoIP database is available.

    Automatically update the GeoIP database

    QuFirewall automatically updates the GeoIP database when an update is available.
  5. Click Apply.

QuFirewall saves the settings.

Configuring Firewall Event Settings

  1. Open QuFirewall.
  2. Click > Settings.

    The Settings window opens.

  3. Go to Firewall Events.
  4. Configure the settings.

    Setting

    User Action

    Storage Limitation

    Specify the number of days to store firewall events.

    Event Logging Frequency

    Specify how often to log the number of event occurrences.

    Alert Messages

    Specify the alert message threshold number. After crossing this threshold, QuFirewall registers a warning in the system log.
  5. Click Apply.

QuFirewall saves the settings.

Notification Settings

From here you can create and configure notification rules triggered by certain events.

Creating Event Notification Rules

  1. Open QuFirewall.
  2. Click Notification Settings.

    Notification Center opens and the Create event notification rule window appears.

  3. Select the events you want recipients to be notified of.
  4. Click Next.
  5. Select a security level.

    Security Level

    Description

    Information

    Information messages inform users of changes in the NAS settings or its applications.

    Warning

    Warning messages inform users of events when NAS resources, such as storage space and memory, are critically low, or when the hardware behaves abnormally.

    Error

    Error messages inform users of problems that occur when the system tries to update or run applications or processes or when it fails to enable or disable NAS features.
  6. Specify a keyword filter.

    Filter

    Description

    All messages

    Notification Center sends all notifications that are classified under the types you selected.

    Includes

    Notification Center sends only the notifications that are classified under the types you selected and includes the keywords you specify.

    To add keyword filters, click , and then specify one or more keywords.

    Excludes

    Notification Center sends only the notifications that are classified under the types you selected and excludes the keywords you specify.

    To add keyword filters, click , and then specify one or more keywords.
    Important:

    The event notification filter only accepts keywords that are in English or in any of the languages specified on the Event Notifications screen.

  7. Specify a time range when you want to receive notifications.
  8. Click Next.
  9. Select a delivery method.
  10. Configure the sender information.

    Method

    User Action

    Email

    1. Select an SMTP server.

      Tip:

      To add an SMTP server, see the Notification Center User Guide.

    2. Optional: Specify a custom subject line.

      This text replaces the original email subject line. Use this to help recipients better understand the notifications they receive.

    3. Optional: Select Send email as plain text.

    SMS

    Select an SMSC server.

    Note:

    To add an SMSC server, see the Notification Center User Guide.

    Instant Messaging or Push Service

    Notification Center automatically assigns Qbot.
  11. Configure the recipient information.

    Method

    User Action

    Email

    1. Click Select NAS User.

      The Select NAS User window appears.

    2. Select one or more NAS users.

    3. Click Finish.

      The Select NAS User window closes.

      Tip:

      • To add a recipient, click Add, and then specify their email address.

      • To delete a recipient, click .

    SMS

    1. Click Select NAS User.

      The Select NAS User window appears.

    2. Select one or more NAS users.

    3. Click Finish.

      The Select NAS User window closes.

    4. Select a country code for each recipient.

      Tip:

      • To add a recipient, click Add, and then specify their cell phone number.

      • To delete a recipient, click .

    Instant Messaging

    Select one or more recipients.

    Tip:

    To add instant messaging notification recipients, see the Notification Center User Guide.

    Push Service

    Select one or more recipients.

    Tip:

    To add push notification recipients, see the Notification Center User Guide.
  12. Optional: Click to send a test message.
  13. Optional: Click Add Pair to create a new pair.
  14. Click Next.
  15. Verify the rule settings.
  16. Click Finish.

    Notification Center displays the new rule on the Event Notifications screen.

Was this article helpful?

Yes. No.
32% of people think it helps.
Thank you for your feedback.

Please tell us how this article can be improved:

If you want to provide additional feedback, please include it below.

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top