Frequently asked questions about QuFirewall

QuFirewall is a firewall management application for QNAP devices. Integrating a powerful and easy-to-use profile system, QuFirewall lets you control and review connections to your device. Click here for instructions on how to use QuFirewall.

This notification indicates QuFirewall has successfully blocked or denied access to your device. By default, QuFirewall sends this notification after blocking 30 connection attempts. Click here for more information.

Blocked IP addresses can be found under QuFirewall > Firewall Profile > Basic Protection > IP access Protection and click [...].

PSIRT refers to the QNAP Product Security Incident Response Team. This team regularly updates a list of ransomware that poses security threats and blocks any IP addresses that are associated with them.

The (3) refers to number of IP addresses that are currently blocked by PSIRT. These IP addresses are as follows:

• 93.206.246.22
• 185.10.68.89
• 185.198.57.185

Click here for more information.

The default rules in basic protection will still allow the IP address originated in the same country. Try using use Geo IP location service (e.g.IP location to identify where the IP comes from.

The source IP is 127.0.0.1, but this does not mean that QuFirewall is blocking packets from the system (127.0.0.1). In this case the source IP does not correspond to the IP that has blocked the packet, the Source IP 127.0.0.1 corresponds to the Notification Center origin IP, which is the NAS. That means the system is generating the message, so it is correct to see displayed IP 127.0.0.1. Click here for more information.

You can increase the Alert message threshold value in QuFirewall settings. The default value is 30. For example, if you receive the message once a day (this means 30 access attempts were blocked in a day), you can change the value to 210. You will receive the message once a week (this means 210 access attempts were blocked in a week). Click here for more information.

QuFirewall can record all blocked packets. To find the detailed content of packets blocked by QuFirewall, go to QuFirewall > Capture Events > Start Packet Capture, after the duration time then save the captured file for analysis. Click here for more information.

The PCAP file type is primarily associated with Wireshark. You can use an online text editor to view their content. Click here for more information.

If your firewall rules are configured as basic, this may be expected behavior. Click here for more information.

To allow VPN connections to the NAS after enabling QuFirewall, you must add rules to allow the traffic to go through. Click here for more information.

The region-based firewall rule works by recognizing network access sources. If the network is configured with a NAT loopback (hairpinning) on the device or the firewall, QuFirewall cannot recognize the original source connection. In such instances, a region-based firewall rule will not work. Click here for more information.

Enabling the “restricted security” profile allows access only to QTS applications. To allow access to third-party applications, you must create an “allow” rule in one of the default QuFirewall profiles to explicitly permit certain traffic across the firewall. Click here for more information.

The default FTP service port is TCP 20-21. Go to QuFirewall Firewall Profiles > Add Profile > Create Profile, then add an allow rule for FTP service and move it before the “deny all” rule priority. Click here for more information.