DSM

DSM Version

General

Features

  • DiskStation Manager (DSM) is a Linux-based operating system used on Synology NAS
  • Its intuitive web interface allows you to easily and effortlessly manage your digital assets

Specifications

  • Supported browsers:
    • Google Chrome
    • Firefox
    • Microsoft Edge
    • Internet Explorer 10 or later
    • Safari 13 or later
    • Safari (iOS 13.0+ on iPad)
    • Google Chrome (Android 11.0+ on tablets)
  • Supported languages:
    • Czech, Danish, Dutch, English, French, German, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese Brazil, Portuguese European, Russian, Simplified Chinese, Spanish, Swedish, Traditional Chinese, Turkish, Thai

Account & Privileges

User & Group

Features

Account
  • Supports bulk user creation by importing user lists in UTF-8 encoded files
  • Supports adding users to more than one user groups for easy management
  • Supports configuring password strength and expiration rules
  • Allows self password reset for non-admin users
Privilege
  • Allows customizing the permission settings of individual folders and files for users and groups
  • Allows customizing the permission settings of applications for users, groups, and IP addresses
  • Supports setting quota for volumes/shared folders to control the maximum amount of storage space available to each user
  • Supports setting speed limits for users and groups for FTP, rsync, File Station, and Cloud Sync

Specifications

  • Number of maximum local users: 16,000
  • Number of maximum local groups: 512
  • Username length: Up to 64 Unicode characters
  • Group name length: Up to 32 Unicode characters
  • Password length: Up to 127 Unicode characters
  • User/group description length: Up to 64 Unicode characters
  • Maximum quota for ext4 volume: 4 TB
  • Customize password valid duration:
    • Range of days before the password becomes invalid: 1 - 999 days
    • Range of days before the system prompts users to change the password: 1 - 99 days
  • System reserved usernames and group names shown below cannot be deleted:
    • System users: "SynologyCMS", "MAILER-DAEMON", and "POSTMASTER"
    • Default users: "admin" and "guest"
    • Default groups: "administrators", "http", and "users"
  • All users belong to the "users" group by default and cannot be removed from this group
  • The "admin" account has full permission to access all services and applications on Synology NAS
  • Users in the "administrators" group have unlimited quota for volumes/shared folders
  • Prioritization for privileges:
    • Shared folder permission: No access > Read/Write > Read only
    • Application permission: Deny > Allow
  • When enabling Local Master Browser in SMB settings, the default "guest" account will be automatically enabled

Limitations

  • Naming limitations for usernames and group names:
    • Cannot contain special characters: {}|^[]?=:+/*()$!"#%&',;<>@`~
    • The first character cannot be a minus sign or a space, and the last character cannot be a space

Domain/LDAP

Features

  • Seamless integration with Windows AD, Azure AD Domain Service, and LDAP servers
  • Smooth access with Single-Sign-On (SSO) support
  • Intrinsic privilege settings to accommodate administration needs
  • Extensive integration to the Synology services

Specifications

  • Supports privilege settings of domain/LDAP users' and groups' access to shared folders and applications
  • Supports limiting transfer rates of DSM services used by domain/LDAP users and groups
  • Supports home folders for domain/LDAP users
  • Domain client
    • Supports trusted domains
    • Supports joining to a domain with a read-only domain controller (RODC)
    • Supports assigning up to 10 domain groups to become local administrator groups
    • Allows administrators to specify DC IP/FQDN, domain NetBIOS, and domain FQDN
  • LDAP client
    • Supports OpenLDAP, IBM Lotus Domino, and user-defined server profiles
    • Supports nested groups and UID/GID shifting
    • Based on LDAP version 3 (RFC2251)
  • SSO client
    • Supports Integrated Windows Authentication
    • Supports Synology SSO Server
    • Supports OpenID Connect SSO in Microsoft Azure AD Domain Service and IBM WebSphere
  • Apps supporting domain/LDAP users
    • SMB
    • FTP
    • WebDAV
    • File Station
    • Network Backup
    • Cloud Station
    • Cloud Sync
    • Audio Station
    • Video Station
    • Mail Service
    • Surveillance Station
    • Personal Web Station
    • Photo Station
    • VPN Server
    • Note Station
    • Synology Drive
    • Moments

Limitations

  • Domain/LDAP users and groups do not support special characters "[{}|^[]?=:+/*()$!"#%&',;<>@`~]"
  • LDAP users and groups can only use integers for their unique IDs
  • Synology LDAP client can only join an LDAP directory with the support of Samba schema. NT Password is required for accessing LDAP services via the SMB protocol
  • Synology LDAP client uses objectClass posixAccount for users and objectClass posixGroup for groups by default. If your LDAP server does not support posixAccount or posixGroup, please set up a profile to map the attributes correctly:
    • User name: posixAccount - uid
    • User ID: posixAccount - uidNumber
    • Group name: posixGroup - cn
    • Group ID: posixGroup - gidNumber
  • Synology LDAP client accounts do not support binding to a Synology Directory Server directory or other Active Directory (AD) domain services

Storage Management & File Access

File Services

Features

  • Comprehensive support of networking protocols — FTP, SMB, AFP, NFS, rsync, and WebDAV — on DSM to provide quick and secure sharing of critical digital assets and to offer seamless file sharing across Windows®, macOS®, and Linux® platforms
  • One compact, little box is enough to access files anytime and anywhere, via computer or mobile devices, and without any storage devices on hand
  • Integration with Universal Search and Finder on Mac to enable quick and in-depth search of indexed documents, photos, and other contents within mounted folders on Synology NAS

SMB protocol

Specifications

  • Up to 10,000 concurrent SMB connections (Capability varies depending on product model)
  • SMB1, SMB2, SMB3 end-to-end encryption, and Large MTU support
  • Flexible user option to restore Previous Versions of files and folders on Windows
  • Integrates Finder on Mac with Synology Universal Search
  • Supports full Windows ACL with up to 200 explicit permissions
  • Supports Recycle Bin
  • Supports server-side copy on Windows
  • Supports File Fast Clone on Btrfs file system
  • Supports sparse file
  • Supports Time Machine on macOS 10.12 and later versions
  • Supports transfer logs to monitor and record file operations. When transfer logging is enabled:
    • File deletion is logged by default
    • Other file operation events can be selected for monitoring in Log Settings
  • Supports SMB signing
  • Advanced SMB options:
    • General
      • Access settings for selected SMB versions
      • Transport encryption mode on SMB3
      • Veto criteria
      • Opportunistic Locking
      • SMB2 lease
      • SMB durable handles
      • Wildcard search cache
    • macOS
      • VFS module to convert Mac special characters
    • Others
      • Wide links
      • MSDFS VFS module
      • DirSort VFS module
      • Symbolic links
      • Local Master Browser
      • Disabling multiple connections from the same IP address
      • Strict allocate
      • Debug logs
      • Apply default UNIX permissions

Limitations

  • The minimum SMB protocol cannot be set to the SMB3. As SMB3 on DSM refers to SMB3.1.1, setting SMB3 as the minimum SMB protocol will prevent client devices supporting earlier SMB3 versions from accessing Synology NAS via the SMB protocol
  • Concurrent connections (up to 10,000) are shared between SMB, AFP, and FTP protocols
  • Workgroup name can contain up to 15 characters but cannot include the following characters: [ ] ; : " < > * + = \ / | ? ,
  • Disallowing access to Previous Versions is only available on vDSM and product models with the following package architectures: Apollo Lake, Avoton, Braswell, Broadwell, Bromolow, Cedarview, and Grantley (See this article for information on Synology NAS system models and corresponding package architectures)
  • Anonymous logon for the SMB protocol is not supported when transport encryption mode is enabled
  • Opportunistic Locking should be applied to avoid application timeouts when transport encryption mode is enabled
  • Enabling Local Master Browser will disable HDD hibernation and activate the guest account without a password
  • Integration with Finder on Mac to search for indexed folders via the SMB protocol is not available on NVR216 and VS360HD
  • Enabling SMB signing may reduce read/write performance during SMB file transfer
  • The more file operation events you select in Log Settings, the more impact it will have on the system performance

AFP protocol

Specifications

  • Up to 10,000 concurrent AFP connections (Capability varies depending on product model)
  • Integrates Finder on Mac with Synology Universal Search
  • Supports Time Machine on macOS
  • Supports Bonjour Time Machine broadcast
  • Supports File Fast Clone on Btrfs file system
  • Supports extended file attributes for color label/icon/extra information on macOS
  • Supports Recycle Bin
  • Supports transfer logs to monitor records of file manipulation
  • Advanced AFP options:
    • Apply default UNIX permissions
    • Release resources immediately after disconnection

Limitations

  • Integration with Finder on Mac to search for indexed folders is not available on NVR (Network Video Recorder) series
  • Integration with Finder on Mac to search mounted folders by tag name and category is only available on macOS 10.9 and later versions
  • Only a maximum of 255 shared folders can be displayed (in alphabetical order) when being accessed via the AFP protocol; however, the total number of created shared folders may exceed that number
  • Concurrent connections (up to 10,000) are shared between SMB, AFP, and FTP protocols

FTP protocol

Specifications

  • Up to 10,000 concurrent FTP connections (Capability varies depending on product model)
  • Supports FTP, FTP over SSL/TLS (explicit mode), and SFTP protocols
  • Timeout settings to disconnect idle users
  • Customized port ranges for passive FTP connections
  • Server-to-server file transfer via FXP (File eXchange Protocol)
  • Connection restriction settings for IP addresses
  • Speed limit settings for specific users or groups
  • Supports OpenSSL FIPS 140-2 validated cryptography module to enhance the security of FTPS sessions
  • Supports ASCII transfer mode
  • Supports UTF-8 encoding for files with multilingual filenames
  • Supports Recycle Bin
  • Advanced FTP options:
    • Root directory for each user
    • Anonymous FTP
    • Transfer logs
    • Apply default UNIX permissions

Limitations

  • Server cannot be accessed via the FTP protocol by the "guest" account

NFS protocol

Specifications

  • Supports NFS version 2, 3, 4, and 4.1 protocols
  • Supports NFS 4.1 multipathing
  • Supports UNIX/Kerberos security styles
  • Customized service ports
  • Read/write packet size settings

Limitations

  • Kerberos is only supported by the NFS protocol on specific product models (See product spec for more information)

Rsync

Specifications

  • Supports rsync version 3.0.9 protocol
  • Supports customized rsync configuration to assign user privileges
  • Supports SSH encryption protocol during file transfer
  • Supports SSH port customization
  • Speed limit settings (scheduled and non-scheduled) for specific users or groups
  • Packages and services running the rysnc protocol:
    • Shared Folder Sync
    • Time Backup
    • LUN backup
    • rsync backup

Storage Manager

Features

  • Intuitive storage management application to monitor the overall storage usage of your Synology NAS
  • RAID-based storage systems to provide fault tolerance and increase performance
  • Support for both Btrfs and ext4 file systems
    • The Btrfs file system can perform file self-healing to automatically detect silent data corruption and recover corrupted data (See limitation 1)
  • Support for SSD cache to enhance system performance

Specifications

General
  • File system types:
    • ext4 and Btrfs (See limitation 2)
    • For external devices: ext4, ext3, FAT32, NTFS, Btrfs, exFAT, and HFS+
  • RAID types:
    • Basic, SHR-1, SHR-2, JBOD, RAID 0, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1
  • RAID conversion:
    • Basic to RAID 1, Basic to RAID 5, RAID 1 to RAID 5, RAID 5 to RAID 6, and SHR-1 to SHR-2
  • Up to 512 shared folders, including 128 encrypted ones
  • Up to 256 volumes
  • Supports creating global and dedicated hot spare drives
  • Supports expanding storage pool and volume capacity (See limitation 3)
  • Supports creating SSD read-only caches and SSD read-write caches:
    • Only uses up to a quarter of the pre-installed system memory for SSD cache creation
    • Requires approximately 416 KB of system memory for every 1 GB of SSD cache (Expandable memory included)
  • Supports setting volume usage quota
  • Supports setting usage and user quota for shared folders in the Btrfs file system
  • Supports scheduling data scrubbing to ensure data integrity (See limitation 4)
  • Supports adjusting the data scrubbing speed limit, repairing storage pools, expanding storage pools, and changing the RAID types of storage pools
  • Supports RAID Group to improve the level of protection (See limitation 5)
  • Supports Dynamic Bad Sector Mapping to enhance data integrity during storage pool repair
  • Supports complete Windows access control list (ACL)
  • Supports encrypting shared folders with AES-256 CBC mode
Drive Management
  • Supports HDD hibernation feature for power saving
  • Supports SSD TRIM feature for sustained performance
  • Supports scheduling S.M.A.R.T. tests
  • Supports Seagate IronWolf Health Management (IHM)
  • Supports deactivating drives while Synology NAS is powered on to prevent service disruption
  • Supports switching the LED indicator of a specific drive slot
ext4 File System
  • Maximum single file size: 16 TiB
  • Maximum file name length: 255 bytes (See limitation 6)
  • Maximum path name length: 4,096 bytes (See limitation 6)
  • Maximum symbolic link depth: 40
  • Maximum single volume size: 200 TiB (See limitation 7)
  • Recommended maximum number of files per folder in the same level: 100,000
Btrfs File System
  • Maximum single file size: 16 TiB
  • Maximum file name length: 255 bytes (See limitation 6)
  • Maximum path name length: 4,096 bytes (See limitation 6)
  • Maximum symbolic link depth: 40
  • Maximum single volume size: 200 TiB (See limitation 7)
  • Recommended maximum number of files: 1,000,000,000
  • Recommended maximum number of files per folder in the same level: 100,000
  • Supports inline compression
  • Supports performing file self-healing to automatically detect and recover silent data corruption on metadata and data (See limitation 1)
  • Supports copying data instantly via the SMB protocol when the source and destination of the data are located in the same Btrfs volume
  • Allows manual implementation of file system defragmentation to enhance system performance
  • Integrated with Synology Drive Server and Hyper Backup to enhance storage efficiency and data consistency
Snapshots on the Btrfs File System
  • Supports taking snapshots and creating replication tasks for shared folders and LUNs
  • Supports taking application-consistent snapshots
  • Supports browsing read-only snapshots
  • Supports Windows Previous Versions feature
  • Maximum number of snapshots (Refer to Snapshot Replication's specifications for details)

Limitations

  1. The data checksum option must be enabled on a shared folder before silent data corruption detection can take effect (Only SHR, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1 support corrupted data recovery)
  2. Refer to this article for more details about the Btrfs file system and which Synology NAS models are compatible with it
  3. Only certain RAID types support expanding storage pool and volume capacity by adding or replacing drives (Refer to this article for more information)
  4. File system scrubbing (only supported on the Btrfs file system) and RAID scrubbing (only supported on RAID 5, RAID 6, and RAID F1) will run sequentially when data scrubbing is performed
  5. RAID Group is available on specific models only (Refer to this article for more information)
  6. Different character encodings may contain different data sizes (e.g., a character with UTF-8 encoding may contain 1 to 4 bytes)
  7. Varies according to models (Refer to this article for more information)

File Station

Features

  • The default file manager for browsing, previewing, and managing files and folders stored on Synology NAS
  • Shareable file links can be easily created, added with password-protection or validity period, and then be safely shared to specific users
  • Easy access from the following devices: personal computers, tablets, and mobile phones
  • Virtual drives, remote folders, and public cloud storage can be mounted on Synology NAS with File Station to make remote data readily and locally accessible

Specifications

  • Supports up to:
    • 100 concurrent remote folders
    • 100 cloud services and file servers
    • 1,000 shared file links
    • 1,000 files in the upload queue
    • 512 local groups*
    • 512 shared folders*
    • 16,000 local user accounts*
  • Recycle Bin to recover or retrieve deleted files
  • Viewable and adjustable ACL permissions of files and folders
  • Supports Windows ACL editor
  • Customizable displays of additional attributes
  • Interface to edit the music information of audio files
  • Management of files and folders stored on Synology NAS includes:
    • Creating, renaming, or deleting files and folders
    • Copying or moving files and folders
    • Uploading or downloading files and folders
    • Compressing or extracting archived files and folders
    • Viewing documents from Synology Office, Microsoft Office Online, or Google Docs
    • Using Photo Viewer to view photos, Video Player to view videos, and Audio Player to play audio files
    • Browse folders/files in list view, tile view and thumbnail view
  • Drag and drop to move files between browser windows
  • Supports keyboard shortcuts
  • Virtual drives can be mounted to access the contents of disc (.iso) image files
  • Remote folders can be mounted from remote servers supporting the SMB1/SMB2/SMB3/NFS protocols
  • Remote connection to public cloud services and file servers can be made via a variety of protocols
    • Supported public cloud services include:
      • Box
      • Dropbox
      • Google Drive
      • Microsoft OneDrive
    • Supported protocols include:
      • FTP
      • SFTP
      • WebDAV
      • WebDAV HTTPS
  • Files can be shared:
    • With other users on the same Synology NAS
    • As email attachments with a built-in email client
    • Via easily generated shared file links or QR codes
    • By creating and managing file requests (i.e., file-uploading invitations) to be sent to non-DSM users
  • Shared file links can be:
    • Configured with validity periods, valid access times, and password protection to enhance security
    • Centrally managed via Shared Links Managers where users can edit, share, or remove existing shared links
  • Search (both regular and advanced) can be performed to find and display the desired files according to various criteria
  • Indexing folders allows for more efficient search results
  • Logs regarding file transfer and user activities are available for review and export
  • Speed limits can be set for specific users and groups transferring files

Limitations

  • A folder containing more than 10,000 subfolders cannot be opened at the lower folder to ensure optimal browser performance
  • For non-encrypted shared folders, file/folder name should be within 255 English characters (up to about 80 characters for non-Latin languages), and the file path should be within 4,096 English characters
  • For encrypted shared folders, file/folder name should be within 143 English characters (up to about 47 characters for non-Latin languages), and the file path should be within 2,048 English characters
  • Drag and drop between browsers or between tabs is not supported on Internet Explorer
  • Remote connection folders and mounted remote folders do not allow for regular searches to be performed
  • Virtual drives and .iso files can only be mounted to subfolders contained within shared folders
  • NFSv4 only supports the TCP protocol
  • Certain features cannot be applied to files stored on public cloud services or file servers, e.g., Compress to, Extract, Preview
  • The user speed limit settings of the connected cloud service or file server can affect the overall transfer speed of that remote connection
  • File request links do not allow for folders to be uploaded
  • Certain cloud-specific limitations may apply when connecting to a cloud service. Please refer to this link for more information
  • Upload feature may vary with the type of web browser used. Please refer to this link for more information

Network Management

External Access

QuickConnect

Features

  • Allows secure and smooth connections from mobile and PC clients to Synology NAS via the Internet without the hassle of setting up port forwarding rules and router configurations
  • Creates a readable URL that allows easy file sharing both internally and externally for certain Synology packages

Specifications

  • Ensures server connection efficiency by a LAN/WAN detection mechanism to choose the optimal connection method (Learn more)
  • Ensures server reachability by choosing the optimal connection route and the optional QuickConnect relay service
  • Secures network connections with end-to-end encryption if SSL is enabled
  • Applies required port forwarding rules on compatible UPnP routers automatically
  • Customizable permissions for applications to allow access via QuickConnect
  • Supports detailed incident records for QuickConnect on the Synology Service Status website (Learn more)
  • Supports the following applications and services:
    • DSM
    • SRM
    • Central Management System (CMS)
    • Application Portal
    • Photo Station
    • Moments
    • Audio Station
    • Surveillance Station (including Synology Surveillance Station Client)
    • Download Station
    • Cloud Station (Cloud Station Backup and Cloud Station Drive)
    • Synology Drive Server (including Synology Drive Client)
    • Video Station
    • File Station
    • File Sharing
    • Chat (including Synology Chat Client)
    • Note Station (including Synology Note Station Client)
    • All Synology mobile apps (LiveCam & VPN Plus is excluded)

Limitations

  • Connections to third-party applications are not supported
  • Not supported on certain services and packages that require mapping directly to an IP address or a DDNS
  • Relayed QuickConnect connections may be slower than connections via port forwarding because of longer network latency
  • Relay service might not work because of certain limitations of ISPs in some regions

DDNS

Features

  • Translates the domain name of your Synology NAS to an IP address
  • Multiple DDNS providers
  • Synology Heartbeat service DDNS server
  • Supports custom DDNS provider profiles

EZ-Internet

Features

  • Express Setup: Supports UPnP & NAT-PMP routers
  • Advanced Setup: Supports signing in to a router with an admin account
  • Supports custom ports for router port-forwarding rules
  • Provides router port accessibility test to ensure forwarded ports can be accessed from the Internet

Network

Features

  • Multiple Internet connection types
  • Static routes on multiple gateways
  • Wi-Fi hotspots for easy connection
  • IPv6 Tunneling
  • Controls traffic flow and bandwidth for specific protocols

Specifications

  • General
    • Supported network protocols: PPPoE, DHCP, static IP
    • Supported VPN connection types: PPTP, L2TP/IPsec, OpenVPN (via .ovpn file)
    • Supported IPv6 transition mechanisms: 6in4, 6to4, DHCPv6-PD
    • Supports multiple gateways
    • Manually appoints preferred and alternate DNS servers
    • Supports replying to ARP requests when the target IP address is the local address configured on the incoming interface
    • Establishes the connection to a proxy server
    • Supports 802.11Q VLAN to assign VID for each LAN interface
    • Supported 802.11X authentication protocols: PAEP, TTLS, TLS
  • Mobile broadband connection
    • Internet access via 3G/4G dongle (Compatibility List)
    • Supports entering PIN, username, password, and phone number
    • Supports changing the default gateway
    • Displays signal strength
  • Supported modes for Link Aggregation:
    • Adaptive Load Balancing
    • IEEE 802.3ad Dynamic Link Aggregation
    • Balance XOR
    • Active/Standby
  • Traffic control
    • Sets outbound bandwidth for services with specific TCP/UDP ports
    • Supports Bond and PPPoE interface
    • Maximum number of rules: 100
  • Static routing
    • Supports LAN, VPN, and Bond
    • Sets up routing rules to a specific interface or Bond
    • Maximum number of static routes: 100

Limitations

  • Internet connection
    • Maximum number of concurrent VPN connections: 1
  • VLAN
    • Each network interface allows only one VID
  • Traffic control
    • Only the outbound traffic is supported
    • Maximum number of ports in a rule: 15

System Management

Terminal & SNMP

Specifications

  • Telnet/SSH
  • Customized SSH cipher list
  • Supports SSH hardware accelerated ciphers

Notification

Features

  • Send notification messages via SMS, email, or other push services when system status changes or errors occur
    • Push notifications on macOS Safari and Google Chrome (with Chrome extension)
    • Push notifications on DS finder and DS cam
    • Email notifications from Synology mail service
    • Supports system notifications for DSM, Surveillance Station, and Download Station
  • Customized event types that will trigger the system to send notification messages

Task Scheduler

Features

  • Scheduled tasks can automatically perform the following actions:
    • Run user-defined scripts
    • Empty Recycle Bins
    • Emit beep sounds
    • Start/stop services

Resource Monitor

Features

  • CPU, RAM, disks, and network usage status
  • Volume/iSCSI LUN usage status
  • Resource usage history
  • Current user connections
  • Status of file transferring managed by Speed Limit

Security

Features

  • Protects and encrypts data with multiple security standards
  • Manages multiple firewall rules for specific protocols and services
  • Automatically blocks remote connections to avoid malicious attacks and hacking
  • Capability to fully scan files and security settings of the system
  • Supports 3rd party or self-signed certificates

Specifications

  • General
    • Runs Rapid7 vulnerability scans regularly
    • Military-grade AES encryption for shared folders and data transmission
    • Integration with Let's Encrypt to apply for and manage SSL certificates with ease
    • Trust level to safeguard from installing unknown or tampered package files
  • Web Security
    • Automatic logout timer provides a layer of security, with a default timeout duration of 15 minutes of inactivity
    • Admins can restrict users from embedding DSM into other web pages with iFrame
    • Option to set system protection against cross-site scripting attacks
    • Option to enhance system security with HTTP content security policy (CSP) header by allowing only data from trusted sources and restricting inline script execution
    • Supports trusted proxy server
    • Supports management of different access profiles
  • Security Advisor
    • Checks for available DSM and package version updates to ensure security and protect against vulnerabilities
    • Scans system and related network settings, and detects and removes malware for enhanced system security
    • Account and password strength detection
    • Automatically alerts users upon detecting logins from suspicious IP
    • Automatically updates security definitions database to stay up-to-date
  • Firewall
    • Access to ports or services can be individually customized to allow/deny specific IP addresses
    • Supports GeoLite data created by MaxMind
    • Admins can create firewall rules based on geographic regions
    • Admins can organize firewall rules into different firewall profiles
    • DDoS protection on all LANs and PPPoE
    • VPN pass-through for PPTP, L2TP, IP Sec
    • Maximum locations in a rule: 15
    • Maximum rules: 100
  • Auto Block & Account Protection
    • Services which support Auto Block:
      • DSM, SSH, Telnet, rsync, network backup, shared folder sync, FTP, WebDAV, File Station, Photo Station, Audio Station, Video Station, Download Station, Mail Server, Mail Station, Time Backup, VPN Server, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
    • Services which support Account Protection:
      • DSM, File Station, Audio Station, Video Station, Download Station, Mail Station, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
    • IP block can be triggered based on a specified number of failed login attempts within a predefined duration. System supports black list and white list to increase management flexibility
    • Account Protection sets separate login attempt, frequency, and protection cancellation rules for trusted and untrusted clients
  • Certificate Management
    • Supports the import and management of multiple certificates
    • IEEE 802.1X compatibility
    • Supports multiple certificates for different services:
      • Web Apps (HTTPS) and WebDAV
      • FTP SSL/TLS
      • Mail Services
      • RADIUS Server
      • VPN Server
      • Replication Service
      • Synology Drive Server
      • Active Backup for Business
      • CardDAV Server
      • Synology Directory Server
      • Hyper Backup Vault
      • Presto File Server
      • File Station
      • Reverse Proxy
      • Web Station
      • Virtual Host
      • QuickConnect
      • Syslog
      • Surveillance
    • Supports the creation and auto-renewal of Let's Encrypt wildcard certificate
  • TLS/SSL Profile Level Management
    • Supports TLS v1.0/1.1/1.2
    • Supports multiple TLS/SSL Profile Levels for different services:
      • Web Apps (HTTPS) and WebDAV
      • FTP SSL/TLS
      • Mail Services
      • RADIUS Server
      • VPN Server
  • 2-step verification
    • Time-based One-Time Password (TOTP) protocol
    • 2-step verification enforcement for specific user groups
    • Allows trusted devices to skip the 2-step verification step
    • Supports Google Authenticator and Microsoft Authenticator mobile apps
  • Misc
    • Offers HTTP Compression for speeding up web page load time
    • Built-in AES-NI hardware encryption engine

Limitations

  • Firewall
    • GeoIP database can only be upgraded along with DSM updates
  • Certificate Management
    • Certificate encryption algorithm is supported by RSA only
    • Certificates must be in X.509 PEM format
    • Private keys must be in RSA format and cannot be passphrase protected
    • Certificates issued by Let's Encrypt are valid for 90 days and can be automatically renewed by DSM before they expire. Please make sure your Synology NAS and router have port 80 open for certificate renewal
  • 2-step verification
    • Only users in the administrators group can disable the 2-step verification for regular users
    • Email reset for users in the administrators group is disabled. Users in the administrators group must soft reset the device to remove 2-step verification

Log Center

Features

  • Offers an easy solution for gathering and displaying log messages on Synology NAS
  • Centralized log management interface and the flexible search function to help you find useful information efficiently

Specifications

  • The following functions are only provided by the Log Center package, but not the built-in Log Center application:
    • Archives logs by specified time, number of logs, the data size, and hosts
    • Sends logs to another log server
      • Supports TCP and UDP transfer protocol
      • Supports BSD (RFC 3164) and IETF (RFC 5424) format
      • Supports secured SSL connection by importing certificates
      • Supports sending logs filtered by service categories or log levels
    • Receives logs from the other log servers
      • Supports TCP and UDP transfer protocol
      • Supports BSD (RFC 3164), IETF (RFC 5424), and other customized formats
      • Supports secured SSL connection by importing certificates
    • Keeps the configuration history of the Log Center package
  • Receives up to 3,000 syslog events per second
  • Proactive email notification according to log level or specified keywords
  • Advanced log search engine filtering logs by keywords, date range, and log level
  • Supports exporting logs to HTML or CSV files

Affiliated Utility

Synology Assistant

Features

  • An easy-to-use tool for managing your Synology NAS and other devices in the local area network (LAN)
    • For locating and connecting to Synology devices and checking status
    • For centrally managing printers attached to Synology NAS

Specifications

  • System requirements
    • Windows 10 or above
    • macOS 12.4 or above
    • Ubuntu 20.04 or above
  • Supports displaying the following information for Synology devices:
    • Server name
    • IP address
    • IP status
    • Server status
    • MAC address
    • Firmware version
    • Model
    • Serial number
    • WOL (Wake-on-LAN) status
  • Supports mapping a shared folder as a network drive
  • Supports using WOL to remotely wake up Synology NAS
  • Offers memory diagnostic tests for Synology NAS and routers

Limitations

  • Please check Synology Products Compatibility List for compatible printers before setting one up
  • USB printers must be directly connected to Synology NAS via USB ports, not USB hubs
  • The memory card function of connected printers is not supported
  • Servers are unable to provides services during memory diagnostic tests

DS finder (Mobile)

Features

  • An app that lets you set up and install DSM on Synology NAS directly from your mobile device
  • Supports searching and locating Synology NAS within the same LAN
  • Supports various useful functions to configure your Synology NAS
  • Sends push notifications to your mobile device when system events take place

Specifications

  • System requirements
    • iOS: 13.0 or above
    • Android: 8.0 or above
  • Supports searching and connecting to NAS within the same LAN
  • Supports installing DSM for your NAS with the installation wizard
    • Automatically installs certain Synology packages for your Synology NAS directly from your mobile device
    • Creates Synology Hybrid RAID (SHR) as the default RAID type for quick and easy allocation of your drives' storage space
  • Recommends certain Synology mobile apps for your mobile device
  • Supports managing multiple NAS in one mobile app
  • Supports customizing a port for the Wake-on-LAN (WOL) function to wake up your NAS over the Internet
  • Supports shutting down and restarting NAS directly from your mobile device
  • Triggers beep sounds from your NAS to easily find its location
  • Monitors storage usage and hard drives' health conditions
  • Supports user management, such as adding and deleting users, managing credentials and status, and assigning user groups
  • Supports enabling push notifications to trigger notifications when specific system events take place
  • Supports configuring DSM update settings to automatically update DSM, automatically check for updates, or schedule a time to check for updates
  • Provides system and network information to view all the details about your devices
  • Supports configuring auto IP blocking with the options of blocking rules and block/allow list
  • Supports binding a Synology Account to each NAS for the following services:
    • Supports enabling and setting up QuickConnect to access your NAS in WAN
  • Allows for accessing DSM via a mobile web version without having to use a web browser
  • Supports passcode lock to secure the accessibility of your Synology NAS

Limitations

  • Only desktop models whose names start with "DS" are supported

DS file (Mobile)

Features

  • Mobile application for managing files stored on your Synology NAS through secure HTTPS connection
  • Browse pictures, watch videos, or check work documents on the go

Specifications

  • System requirements
    • iOS: 14.0 or above
    • Android: 8.0 or above
  • Supports logging in securely via SSL/TLS connections and verifying the server certificate installed on your Synology server
  • Supports sharing credentials with other Synology mobile apps and recording login history, allowing you to skip entering user credentials multiple times
  • Supports file management and file navigation
    • Basic operations: Uploading, downloading, moving, copying, renaming files
    • General supported file types:
      • Documents: doc, docx, pdf, ppt, pptx, txt, xls, xlsx, htm, html
      • Images: jpg, jpeg, png, gif, bmp, tiff
      • Video: mp4, m4v, mov
      • Audio: mp3, m4a, wav, aac, 3gp, wav
      • The supported file formats vary depending on the capabilities of your mobile device
    • My Favorites: Supports adding frequently accessed files as shortcuts
    • Offline Files: Supports pinning files for access without Internet connection
    • Tasks: Supports displaying ongoing upload and download tasks and their respective statuses
  • Supports sharing files and folders with customized link settings to protect your data
    • Validity Period
    • Password
  • Supports backing up photos from your mobile device to your Synology NAS with granular settings
    • Backup modes:
      • Back up new photos: Back up only newly added photos/videos
      • Back up all photos: Back up newly added photos/videos as well as existing ones
    • Backup rules:
      • Upload on Wi-Fi only: Back up photos/videos only when your mobile device runs on Wi-Fi
      • Upload photos only: Back up only photos but not videos
      • Keep Original File Name: Keep original file names of backed up photos/videos. If not enabled, their file names are replaced with the date they were created
      • Live Photo: Upload live photos only, or upload both photo and video
    • Free up mobile space: Remove the photos and videos that have been backed up to your Synology NAS to release storage space on your mobile device
  • Supports archiving and extracting items to save storage space and provides password protection to safeguard sensitive data
    • File formats supported for extraction: zip, .tar, .gz, .tgz, .rar, .7z, .iso (ISO 9660 and Joliet)