Supports bulk user creation by importing user lists in UTF-8 encoded files
Supports adding users to more than one user groups for easy management
Supports configuring password strength and expiration rules
Allows self password reset for non-admin users
Privilege
Allows customizing the permission settings of individual folders and files for users and groups
Allows customizing the permission settings of applications for users, groups, and IP addresses
Supports setting quota for volumes/shared folders to control the maximum amount of storage space available to each user
Supports setting speed limits for users and groups for FTP, rsync, File Station, and Cloud Sync
Specifications
Number of maximum local users: 16,000
Number of maximum local groups: 512
Username length: Up to 64 Unicode characters
Group name length: Up to 32 Unicode characters
Password length: Up to 127 Unicode characters
User/group description length: Up to 64 Unicode characters
Maximum quota for ext4 volume: 4 TB
Customize password valid duration:
Range of days before the password becomes invalid: 1 - 999 days
Range of days before the system prompts users to change the password: 1 - 99 days
System reserved usernames and group names shown below cannot be deleted:
System users: "SynologyCMS", "MAILER-DAEMON", and "POSTMASTER"
Default users: "admin" and "guest"
Default groups: "administrators", "http", and "users"
All users belong to the "users" group by default and cannot be removed from this group
The "admin" account has full permission to access all services and applications on Synology NAS
Users in the "administrators" group have unlimited quota for volumes/shared folders
Prioritization for privileges:
Shared folder permission: No access > Read/Write > Read only
Application permission: Deny > Allow
When enabling Local Master Browser in SMB settings, the default "guest" account will be automatically enabled
Limitations
Naming limitations for usernames and group names:
Cannot contain special characters: {}|^[]?=:+/*()$!"#%&',;<>@`~
The first character cannot be a minus sign or a space, and the last character cannot be a space
Domain/LDAP
Features
Works with Windows AD, Microsoft Entra Domain Services, LDAP servers, and Synology Directory Server
Supports Single-Sign-On (SSO)
Allows setting and managing domain/LDAP user and group privileges
Allows domain/LDAP users to access Synology packages and services
Specifications
Supports setting privileges for domain/LDAP users and groups to access shared folders and applications
Supports quota settings for domain/LDAP users and groups
Supports limiting transfer rates of DSM services used by domain/LDAP users and groups
Supports home folders for domain/LDAP users
Supports Kerberos v5 and NTLMv2 authentication when integrated with Synology Directory Server
Supports file access through the following protocols: SMB, FTP, AFP, NFS, and rsync
If a domain/LDAP client is joined to Synology Directory Server or LDAP Server, domain/LDAP users' passwords can be changed by clicking the head icon in the upper right corner of DSM
Supports joining a domain with a read-only domain controller (RODC)
Supports assigning up to 10 domain groups as local administrator groups
Supports up to 2 million users and 2 million groups per domain
Allows administrators to specify and prioritize the DC IP/FQDN
A security group is required for domain users to access Synology services requiring file access permissions, such as Synology Drive, Synology Office, and SMB Service. For services without file access permissions, such as Synology Contacts or Synology MailPlus, either a distribution group or security group can be used
Supports OpenID Connect SSO in Microsoft Entra Domain Services and IBM WebSphere
Limitations
Domain/LDAP users and groups do not support special characters "[{}|^[]?=:+/*()$!"#%&',;<>@`~]"
DC IP/FQDN do not support IPv6
Does not support SSH for domain/LDAP client
Domain client
Does not support security identifier (SID) history
When using SSL/TLS for LDAP encryption, channel binding on Windows AD needs to be set to When supported
LDAP client
LDAP users and groups can only use integers for their unique IDs
Does not support binding LDAP client accounts to a Synology Directory Server directory or other Active Directory (AD) domain services
For LDAP users to access SMB Service, the LDAP directory must support Samba schema, and users should use an NT Password for access
Storage & File Access
File Services
Features
Comprehensive support of networking protocols — SMB, AFP, FTP, NFS, and rsync — on DSM to provide quick and secure sharing of critical digital assets and to offer seamless file sharing across Windows®, macOS®, and Linux® platforms
One compact, little box is enough to access files anytime and anywhere, via computer or mobile devices, and without any storage devices on hand
Integration with Universal Search and Finder on Mac to enable quick and in-depth search of indexed documents, photos, and other contents within mounted folders on Synology NAS
SMB protocol
Specifications
Up to 10,000 concurrent SMB connections (Capability varies depending on product model)
Supports end-to-end SMB1, SMB2, SMB3 encryption and Large MTU
Flexible option to restore Previous Versions of files and folders on Windows
Integrated with Synology Universal Search
Finder on Mac
File Explorer on Windows
Supports full Windows ACL with up to 200 explicit permissions
Supports Recycle Bin
Supports server-side copy on Windows
Supports File Fast Clone on Btrfs file system
Supports sparse file
Supports Time Machine on macOS 10.12 and later versions
Supports hiding shared folders from users without permission
Supports transfer logs to monitor and record file operations. When transfer logging is enabled:
Logging file deletion and renaming by default
Other file operations can be selected for monitoring in Log Settings
Supports Aggregation Portal, using technology based on Microsoft's Distributed File System (DFS)
Opportunistic Locking (SMB2 file leasing and SMB3 directory leasing)
SMB durable handles
Clear SMB cache
macOS
VFS module to convert Mac special characters
Cross-protocol locking with AFP
Others
Local Master Browser
DirSort VFS module
Veto files
Symbolic links
Disabling multiple connections from the same IP address
Debugging logs
Applying default UNIX permissions
Strict allocate
Authenticatiing NTLMv1
Asynchronous read
Monitoring changes on all subfolders within the directory
Synchronizing data to drive immediately upon SMB client request
Wildcard search cache
SMB3 Multichannel
Limitations
The minimum SMB protocol cannot be set to the SMB3. As SMB3 on DSM refers to SMB3.1.1, setting SMB3 as the minimum SMB protocol will prevent client devices supporting earlier SMB3 versions from accessing Synology NAS via the SMB protocol
Concurrent connections (up to 10,000) are shared between SMB, AFP, and FTP protocols
Workgroup name can contain up to 15 characters but cannot include the following characters: [ ] ; : " < > * + = \ / | ? ,
Disallowing access to Previous Versions is only available on vDSM and product models with the following package architectures: Apollo Lake, Avoton, Braswell, Broadwell, Bromolow, Cedarview, and Grantley (See this article for information on Synology NAS system models and corresponding package architectures)
Anonymous logon for the SMB protocol is not supported when transport encryption mode is enabled
Opportunistic Locking should be disabled to avoid application timeouts when transport encryption mode is enabled
Opportunistic Locking currently detects only metadata and access changes made through SMB
Enabling Local Master Browser will disable HDD hibernation and activate the guest account without a password
Integration with File Explorer on Windows and Finder on Mac to search for indexed folders via the SMB protocol is not available on NVR devices
Enabling transport encryption mode or server signing may reduce read/write performance during SMB file transfer
The more file operation events you select in Log Settings, the more impact it will have on the system performance
SMB3 Multichannel
Available only on Synology NAS models running DSM 7.1.1 or above and using SMB Service 4.15
Only supports models using x86 platforms, which are as listed in Applied Models of this article
Supports the following client operating systems:
Windows Server 2012 and above
Windows 8 and above
macOS 11.3 and above
Either of the following must be installed on both server and client:
Multiple network adapters
One or more network adapters that support RSS (Receive Side Scaling)
Integration with Finder on Mac to search for indexed folders is not available on NVR (Network Video Recorder) series
Integration with Finder on Mac to search mounted folders by tag name and category is only available on macOS 10.9 and later versions
Only a maximum of 255 shared folders can be displayed (in alphabetical order) when being accessed via the AFP protocol; however, the total number of created shared folders may exceed that number
Concurrent connections (up to 10,000) are shared between SMB, AFP, and FTP protocols
FTP protocol
Specifications
Up to 10,000 concurrent FTP connections (Capability varies depending on product model)
Supports FTP, FTP over SSL/TLS (explicit mode), and SFTP protocols
Timeout settings to disconnect idle users
Customized port ranges for passive FTP connections
Server-to-server file transfer via FXP (File eXchange Protocol)
Connection restriction settings for IP addresses
Speed limit settings for specific users or groups
Supports ASCII transfer mode
Supports UTF-8 encoding for files with multilingual filenames
Server cannot be accessed via the FTP protocol by the "guest" account
NFS protocol
Specifications
Supports NFS version 2, 3, 4, and 4.1 protocols
Supports NFS 4.1 multipathing
Supports UNIX/Kerberos security styles
Customized service ports
Read/write UDP packet size settings
Limitations
NFS version 4.1 protocol is only supported on specific product models (See product spec for more information)
Rsync
Specifications
Supports rsync version 3.1.2 protocol
Supports customized rsync configuration to assign user privileges
Supports SSH encryption protocol during file transfer
Supports SSH port customization
Speed limit settings (scheduled and non-scheduled) for specific users or groups
Packages and services running the rsync protocol:
Shared Folder Sync
LUN backup
rsync backup
Limitations
To perform rsync backup from a Synology NAS running a version of DSM before 3.0 or a client that is not a Synology NAS, and to retain the source data's owner and group information, you must add the rsync accounts to the administrators group, and back up data to the NetBackup shared folder in the daemon mode
Storage Manager
Features
Intuitive storage management application to monitor the overall storage usage of your Synology NAS
RAID-based storage systems to provide fault tolerance and increase performance
Supports both Btrfs and ext4 file systems
The Btrfs file system can perform file self-healing to automatically detect silent data corruption and recover corrupted data (See limitation 1)
Supports data deduplication to optimize space efficiency (See limitation 2)
Supports SSD cache to enhance system performance
Specifications
General
File system types: (See limitation 3)
ext4 and Btrfs
RAID types: (See limitation 4, limitation 12)
Basic, SHR-1, SHR-2, JBOD, RAID 0, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1
RAID conversion:
Basic to RAID 1, Basic to RAID 5, RAID 1 to RAID 5, RAID 5 to RAID 6, and SHR-1 to SHR-2
Up to 512 shared folders, including 128 encrypted ones
Up to 256 volumes
Supports creating global and dedicated hot spare drives
Supports expanding storage pool and volume capacity (See limitation 5)
Supports using the Btrfs file system to create volumes of up to 1 PiB (Learn more)
Supports storage pool management options:
Changing the RAID type of a storage pool (Learn more)
Adding and replacing a drive in a storage pool (See limitation 5)
Safely ejecting a storage pool from an expansion unit
Assembling a storage pool online when the system detects a sufficient number of drives
Enabling SSD TRIM for an SSD-only storage pool for sustained performance
Supports displaying usage details for volumes in the Btrfs file system
Supports setting low capacity thresholds and notifications for individual volumes
Supports encrypting volumes with AES-XTS-Plain64 mode (See limitation 6)
Supports setting usage and user quota for shared folders in the Btrfs file system
Supports setting user quota for volumes in the ext4 file system
Supports scheduling data scrubbing to ensure data integrity (See limitation 7)
Supports adjusting the speed limits for running data scrubbing, repairing storage pools, expanding storage pools, and changing the RAID type of storage pools
Supports RAID Group to improve the level of protection (See limitation 8)
Supports Dynamic Bad Sector Mapping to enhance data integrity during storage pool repair
Supports complete Windows access control list (ACL)
Supports encrypting shared folders with AES-256 CBC mode
Drive Management
Supports HDD hibernation feature for power saving
Supports scheduling S.M.A.R.T. tests
Supports deactivating drives while Synology NAS is powered on to prevent service disruption
Supports switching the LED indicator of a specific drive slot
SSD Cache
Supports the SSD cache group feature to aggregate and allocate the capacity of SSDs for caching
Supports creating read-only caches and read-write caches: (See limitation 9)
Up to 16 volumes can be mounted with SSD caches at a time
Metadata of Btrfs volumes can be pinned to read-write caches (Learn more)
Supports SSD cache group management options, including drive addition and replacement, and changing the RAID type
Requires approximately 400 KB of system memory per 1 GB of SSD cache (including expandable memory) and no more than 25% of the pre-installed system memory
ext4 File System
Maximum single file size: 16 TiB
Maximum file name length: 255 bytes (See limitation 10)
Maximum path name length: 4,096 bytes (See limitation 10)
Maximum symbolic link depth: 40
Maximum single volume size: 200 TiB (See limitation 11)
Recommended maximum number of files per folder in the same level: 100,000
Btrfs File System
Maximum single file size: 16 TiB
Maximum file name length: 255 bytes (See limitation 10)
Maximum path name length: 4,096 bytes (See limitation 10)
The data checksum option must be enabled on a shared folder before silent data corruption detection can take effect (Only SHR, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1 support corrupted data recovery)
Data deduplication is only supported on Synology SSDs and specific Synology NAS models (Learn more)
To find out which file systems are supported by your Synology NAS model, refer to its product datasheet (Learn more)
A storage pool must consist of drives of the same type. The following drives cannot be mixed: SATA and SAS drives, SSDs and HDDs, or 4K native and non-4K native drives
Only certain RAID types support expanding storage pool and volume capacity by adding or replacing drives (Learn more)
Volume encryption is only supported on specific Synology NAS models (Learn more)
File system scrubbing (only supported on the Btrfs file system) and RAID scrubbing (only supported on RAID 5, RAID 6, and RAID F1) will run sequentially when data scrubbing is performed
RAID Group is only available on specific Synology NAS models (Learn more)
SSD cache creation requires volumes belonging to the same storage pool to allocate capacity from the same SSD cache group
Different character encodings may contain different data sizes (e.g., a character with UTF-8 encoding may contain 1 to 4 bytes)
Varies according to Synology NAS models (Learn more)
Only certain Synology NAS models support using M.2 SSDs to create storage pools (Learn more)
File Station
Features
The default file manager for browsing, previewing, and managing folders and files stored on Synology NAS
Sharing files is made easy and safe
Users can customize links to share with specific parties
Users can configure password and validity period for extra protection
Easy access and management from the following devices: personal computer, tablets, and mobile phones
Mounting virtual drives, remote folders and public cloud storage on File Station to access all remote data as if stored locally
Specifications
Supports up to:
100 concurrent remote folders
100 cloud services and file servers
1,000 files in upload queue
512 local groups
512 shared folders
16,000 local user accounts
The number of supported local groups, shared folders, and local user accounts may vary for different Synology NAS models (Please refer to each NAS model's product spec for the recommended number)
Supports recovering or retrieving deleted files from Recycle Bin
Supports viewing and adjusting ACL permissions of files and folders
Supports Windows ACL editor
Supports customizing shared folder attributes to be displayed
Provides an interface to edit music information of audio files
Supports management of files and folders stored on Synology NAS, including:
Creating, renaming, or deleting file and folders
Copying or moving files and folders
Uploading or downloading files and folders
Compressing or extracting archived files and folders
Viewing documents from Synology Office, Microsoft Office Online, or Google Docs
Synology Office supports the following formats for import: docx, xlsx, xlsm, xltx, xltm, xls, xlt, ods, ots, csv
Using Photo Viewer to view photos, Video Player to view videos, and Audio Player play audio files
Browsing files and folders in list view, tile view, and thumbnail view
Supports the following file formats
Imported files:
With Document Viewer (available on certain models only) installed, the following file formats can also be imported: doc
If VLC is not installed on your local computer, Video Player will play videos supported by HTML5. Please refer to here for details
Supports moving files by dragging and dropping them between browser windows
Supports keyboard shortcuts
Supports mounting virtual drives to access the contents of disc (.iso) image files
Supports mounting remote folders from remote servers that support the SMB1/SMB2/SMB3/NFS protocols
Supports connecting to remote public cloud services and file servers via a variety of protocols
Supported public cloud services include:
Box
Dropbox (excluding Team Folder)
Google Drive (excluding Shared Drive)
Microsoft OneDrive
Supported protocols include:
FTP
SFTP
WebDAV
WebDAV HTTPS
Supports sharing files:
With other users on the same Synology NAS
As email attachments with built-in email client
Via easily generated shared file links or QR codes
By creating and managing file requests (i.e., file-uploading invitations) to be sent to non-DSM users
Supports configuring shared file links:
Configured with validity periods, valid access times, and password protection to enhance security
Centrally managed via Shared Links Managers where users can edit, share, or remove existing shared links
Supports performing search (both regular and advanced) to find and display the desired files according to various criteria
Supports indexing folders to allow for more efficient search results
Supports applying and modifying WriteOnce settings to files, such as locking files, extending the retention period, or converting the lock state
Provides logs regarding file transfer and user activities for review and export
Allows setting speed limits on transferring files for specific users and groups
Limitations
A folder containing more than 10,000 subfolders cannot be opened at the lower folder level to ensure optimal browser performance
For non-encrypted shared folders, file/folder name should be within 255 characters (up to about 80 characters for non-Latin languages), and the file path should be within 4,096 characters
For encrypted shared folders, file/folder name should be within 143 characters (up to about 47 characters for non-Latin languages), and the file path should be within 2,048 characters
File and folder names cannot contain colons (:) and slashes (/), start with ._ (e.g., ._name), or use any combination of characters that are reserved for system use (e.g., . or ..)
Drag and drop between browsers or between tabs is not supported on Internet Explorer
Regular searches cannot be performed on folders connected remotely and mounted remote folders
Virtual drives and .iso files can only be mounted to subfolders contained within shared folders
NFSv4 only supports the TCP protocol
Certain features (e.g., Compress to, Extract, Preview, etc.) cannot be applied to files stored on public cloud services or file servers
Individual transfer speeds for each connected cloud service or file server are subject to user speed limit settings
File request links do not allow for folders to be uploaded
Certain cloud-specific limitations may apply when connecting to a cloud service. Please refer to this link for more information
Upload feature may vary with the type of web browser used. Please refer to this link for more information
Universal Search
Features
Global search into applications and files on Synology NAS via file name and file content
Specifications
Offers searches into the following items on Synology NAS:
Files (including images, music, and videos) and file contents in indexed folders
Notes in Note Station
Documents and spreadsheets in Synology Office
Offline DSM Help documents
Applications
Full-text search with keywords and advanced search criteria:
Created/modified/last accessed date
File extension
File size (MB)
Author
Group
Owner
Composer
Album
Title
Publish year
Program name
Genre
Duration (mins)
Audio bitrate
Audio sample rate
Video bitrate
Video codec
Description
Rating
ISO
Camera
Camera model
Exposure time
Aperture
Horizontal resolution
Vertical resolution
Comes with the intelligent search widget "Search Now" to display precise search results:
Supports the "Ctrl + F" hotkey to launch the widget
Supports other hotkeys to search by file type: "Alt + D" for Documents; "Alt + P" for Photos; "Alt + M" for Music; and "Alt + V" for Videos
Search results can be filtered by the following file types: Document, Photo, Music, and Video
Up to 1000 folders can be selected for indexing (Not including subfolders contained within selected folders)
Limitations
Searches into the following types of storage space are not supported:
Items stored in external USB/SD storage devices
Items stored in remote folders, cloud services, and virtual drives mounted to Synology NAS
Volume for hosting indexed folders must have a minimum of 100 MB available
Previews of search results are not available for encrypted and empty-content files
Not all matched terms will be shown as highlighted in preview if a search result contains more than 1,024 matched items
Searching with special characters is limited to file names, not file contents
Network Management
External Access
QuickConnect
Features
Allows secure and smooth connections from mobile and PC clients to Synology NAS via the Internet without the hassle of setting up port forwarding rules and router configurations
Creates a readable URL that allows easy file sharing both internally and externally for certain Synology packages
Specifications
Ensures server connection efficiency by a LAN/WAN detection mechanism to choose the optimal connection method (Learn more)
Ensures server reachability by choosing the optimal connection route and the optional QuickConnect relay service
Secures network connections with end-to-end encryption if SSL is enabled
Applies required port forwarding rules on compatible UPnP routers automatically
Customizable permissions for applications to allow access via QuickConnect
Supports detailed incident records for QuickConnect on the Synology Service Status website (Learn more)
Supports the following applications and services:
DSM
SRM
Central Management System (CMS)
Application Portal
Photo Station
Moments
Audio Station
Surveillance Station (including Synology Surveillance Station Client)
Download Station
Cloud Station (Cloud Station Backup and Cloud Station Drive)
Synology Drive Server (including Synology Drive Client)
Video Station
File Station
File Sharing
Chat (including Synology Chat Client)
Note Station (including Synology Note Station Client)
All Synology mobile apps (LiveCam & VPN Plus is excluded)
Limitations
Connections to third-party applications are not supported
Not supported on certain services and packages that require mapping directly to an IP address or a DDNS
Relayed QuickConnect connections may be slower than connections via port forwarding because of longer network latency
Relay service might not work because of certain limitations of ISPs in some regions
DDNS
Features
Translate the domain name of your Synology NAS to an IP address
Multiple DDNS providers
Synology Heartbeat service DDNS server
Supports custom DDNS provider profiles
Network
Features
Multiple Internet connection types
Static routes on multiple gateways
IPv6 Tunneling
Controls traffic flow and bandwidth for specific protocols
Specifications
General
Supported network protocols: PPPoE, DHCP, static IP
Sets outbound bandwidth for services with specific TCP/UDP ports
Supports Bond and PPPoE interface
Maximum number of rules: 100
Static routing
Supports LAN, VPN, and Bond
Sets up routing rules to a specific interface or Bond
Maximum number of static routes: 100
Limitations
Internet connection
Maximum number of concurrent VPN connections: 1
VLAN
Each network interface allows only one VID
Traffic control
Only the outbound traffic is supported
Maximum number of ports in a rule: 15
System Management
Terminal & SNMP
Specifications
Terminal
Telnet/SSH
Customized SSH cipher list
Supports SSH hardware accelerated ciphers
SNMP
Supports SNMPv1, SNMPv2c, and SNMPv3 protocols
Notification
Features
Sends notification messages via email, push service, or webhooks when system status changes or errors occur
Email notifications are delivered to Synology Account or a personal email address
Push service supports sending notifications to macOS Safari, Google Chrome, and Microsoft Edge
Push service supports sending notifications through DS finder
Supported webhook providers include Synology Chat, Microsoft Teams, LINE, SMS, and other webhook providers
Supports creating custom rules to trigger the system to send notification messages and applying the rules to specific delivery methods
Supports customizing the message content and some variables of notification events
External Devices
Features
Supports managing external devices, such as external disks, printers, or USB storage devices, connected to your Synology NAS
Supports setting your NAS as a print server to enable printer access for client computers or mobile devices that are connected to your NAS
Specifications
Supported file system types on external storage devices include ext4, ext3, FAT32, NTFS, Btrfs, exFAT, and HFS+
Installing exFAT Access from Package Center is required to enable exFAT
Supports formatting the following file system types on external drives: ext4, FAT32, and exFAT
Supported printing protocols include LPR, IPP, Socket, and BJNP
Allows setting access permissions for all connected external storage devices, such as assigning permissions to specific users or groups
Supports restricting the use of USB port to block all types of external USB storage devices from connecting to your NAS
Limitations
Synology HD, FS, SA, XS+, and XS series devices released as of 2022 will no longer support network/USB printers
Synology Plus, Value, and J series devices of the 23-series and above will no longer support connection to printers via USB
RC18015xs+ does not support USB printers
Task Scheduler
Features
Supports scheduling tasks to automatically perform the following actions:
Run user-defined scripts
Empty Recycle Bins
Emit beep sounds
Start/stop services
Resource Monitor
Features
Supports displaying the following metrics:
CPU, RAM, disks, and network usage status
Volume/iSCSI LUN usage status
NFS usage status
Resource usage history
Current user connections and accessed files
Status of file transferring managed by Speed Limit
Security
Features
Protects and encrypts data with multiple security standards
Manages multiple firewall rules for specific protocols and services
Automatically blocks remote connections to avoid malicious attacks and hacking
Supports 3rd party or self-signed certificates
Specifications
General
Runs Rapid7 vulnerability scans regularly
Military-grade AES encryption for shared folders and data transmission
Integration with Let's Encrypt to apply for and manage SSL certificates with ease
Trust level to safeguard from installing unknown or tampered package files
OpenChain 2.0
Web Security
Automatic logout timer provides a layer of security, with a default timeout duration of 15 minutes of inactivity
Admins can restrict users from embedding DSM into other web pages with iFrame
Option to set system protection against cross-site scripting attacks
Option to enhance system security with HTTP content security policy (CSP) header by allowing only data from trusted sources and restricting inline script execution
Supports trusted proxy server
Supports management of different access profiles
Security Advisor
Checks for available DSM and package version updates to ensure security and protect against vulnerabilities
Scans system and related network settings, and detects and removes malware for enhanced system security
Account and password strength detection
Automatically alerts users upon detecting logins from suspicious IP
Automatically updates security definitions database to stay up-to-date
Firewall
Access to ports or services can be individually customized to allow/deny specific IP addresses
Admins can create firewall rules based on geographic regions
Admins can organize firewall rules into different firewall profiles
DDoS protection on all LANs and PPPoE
VPN pass-through for PPTP, L2TP, IP Sec
Maximum locations in a rule: 15
Maximum rules: 100
Auto Block & Account Protection
Services which support Auto Block:
DSM, SSH, Telnet, rsync, network backup, shared folder sync, FTP, WebDAV, File Station, Photo Station, Audio Station, Video Station, Download Station, Mail Server, Mail Station, Time Backup, VPN Server, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
Services which support Account Protection:
DSM, File Station, Audio Station, Video Station, Download Station, Mail Station, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
IP block can be triggered based on a specified number of failed login attempts within a predefined duration. System supports black list and white list to increase management flexibility
Account Protection sets separate login attempt, frequency, and protection cancellation rules for trusted and untrusted clients
Certificate Management
Supports the import and management of multiple certificates
Certificate encryption algorithm is supported by RSA and ECC
IEEE 802.1X compatibility
Supports multiple certificates for different services:
Web Apps (HTTPS) and WebDAV
FTP SSL/TLS
Mail Services
RADIUS Server
VPN Server
Replication Service
Synology Drive Server
Active Backup for Business
CardDAV Server
Synology Directory Server
Hyper Backup Vault
Presto File Server
File Station
Reverse Proxy
Web Station
Virtual Host
QuickConnect
Syslog
Surveillance
Supports the creation and auto-renewal of Let’s Encrypt wildcard certificate
TLS/SSL Profile Level Management
Supports TLS v1.1/1.2/1.3
Supports multiple TLS/SSL Profile Levels for different services:
Web Apps (HTTPS) and WebDAV
FTP SSL/TLS
Mail Services
RADIUS Server
VPN Server
Misc
Offers HTTP Compression for speeding up web page load time
Built-in AES-NI hardware encryption engine
Limitations
Firewall
GeoIP database can only be upgraded along with DSM updates
Certificate Management
Certificates must be in X.509 PEM format
Private keys must be in RSA format and cannot be passphrase protected
Certificates issued by Let's Encrypt are valid for 90 days and can be automatically renewed by DSM before they expire. Please make sure your Synology NAS and router have port 80 open for certificate renewal
2-step verification
Only users in the administrators group can disable the 2-step verification for regular users
Email reset for users in the administrators group is disabled. Users in the administrators group must soft reset the device to remove 2-step verification
Log Center
Features
Offers an easy solution for gathering and displaying log messages on Synology NAS
Centralized log management interface and the flexible search function to help you find useful information efficiently
Specifications
The following functions are only provided by the Log Center package, but not the built-in Log Center application:
Archives logs by specified time, number of logs, the data size, and hosts
Sends logs to another log server
Supports TCP and UDP transfer protocol
Supports BSD (RFC 3164) and IETF (RFC 5424) format
Supports secured SSL connection by importing certificates
Supports sending logs filtered by service categories or log levels
Receives logs from the other log servers
Supports TCP and UDP transfer protocol
Supports BSD (RFC 3164), IETF (RFC 5424), and other customized formats
Supports secured SSL connection by importing certificates
Keeps the configuration history of the Log Center package
Proactive email notification according to log level or specified keywords
Advanced log search engine filtering logs by keywords, date range, and log level
Supports exporting logs to HTML or CSV files
Affiliated Utility
Synology Assistant
Features
An easy-to-use tool for managing your Synology NAS and other devices in the local area network (LAN)
For locating and connecting to Synology devices and checking status
For centrally managing printers attached to Synology NAS
Specifications
System requirements
Windows 10 or above
macOS 12.4 or above
Ubuntu 20.04 or above
Supports displaying the following information for Synology devices:
Server name
IP address
IP status
Server status
MAC address
Firmware version
Model
Serial number
WOL (Wake-on-LAN) status
Supports mapping a shared folder as a network drive
Supports using WOL to remotely wake up Synology NAS
Offers memory diagnostic tests for Synology NAS and routers
USB printers must be directly connected to Synology NAS via USB ports, not USB hubs
The memory card function of connected printers is not supported
Servers are unable to provides services during memory diagnostic tests
Synology HD, FS, SA, XS+, and XS series devices released as of 2022 will no longer support network/USB printers
Synology Plus, Value, and J series devices of the 23-series and above will no longer support connection to printers via USB
RC18015xs+ does not support USB printers
DS finder
Features
An app that lets you set up and install DSM on Synology NAS directly from your mobile device
Supports searching and locating Synology NAS within the same LAN
Supports various useful functions to configure your Synology NAS
Sends push notifications to your mobile device when system events take place
Specifications
System requirements
iOS: 13.0 or above
Android: 8.0 or above
Supports searching and connecting to NAS within the same LAN
Supports installing DSM for your NAS with the installation wizard
Automatically installs certain Synology packages for your Synology NAS directly from your mobile device
Creates Synology Hybrid RAID (SHR) as the default RAID type for quick and easy allocation of your drives' storage space
Recommends certain Synology mobile apps for your mobile device
Supports managing multiple NAS in one mobile app
Supports customizing a port for the Wake-on-LAN (WOL) function to wake up your NAS over the Internet
Supports shutting down and restarting NAS directly from your mobile device
Triggers beep sounds from your NAS to easily find its location
Monitors storage usage and hard drives' health conditions
Supports user management, such as adding and deleting users, managing credentials and status, and assigning user groups
Supports enabling push notifications to trigger notifications when specific system events take place
Supports configuring DSM update settings to automatically update DSM, automatically check for updates, or schedule a time to check for updates
Provides system and network information to view all the details about your devices
Supports configuring auto IP blocking with the options of blocking rules and block/allow list
Supports binding a Synology Account to each NAS for the following services:
Supports enabling and setting up QuickConnect to access your NAS in WAN
Supports enabling Synology Active Insight to monitor your device
Allows for accessing DSM via a mobile web version without having to use a web browser
Supports passcode lock to secure the accessibility of your Synology NAS
Limitations
Only desktop models whose names start with "DS" are supported
DS file (Mobile)
Features
Mobile application for managing files stored on your Synology NAS through secure HTTPS connection
Browse pictures, watch videos, or check work documents on the go
Specifications
System requirements
iOS: 14.0 or above
Android: 8.0 or above
Supports logging in securely via SSL/TLS connections and verifying the server certificate installed on your Synology server
Supports sharing credentials with other Synology mobile apps and recording login history, allowing you to skip entering user credentials multiple times
The supported file formats vary depending on the capabilities of your mobile device
My Favorites: Supports adding frequently accessed files as shortcuts
Offline Files: Supports pinning files for access without Internet connection
Tasks: Supports displaying ongoing upload and download tasks and their respective statuses
Supports sharing files and folders with customized link settings to protect your data
Validity Period
Password
Supports backing up photos from your mobile device to your Synology NAS with granular settings
Backup modes:
Back up new photos: Back up only newly added photos/videos
Back up all photos: Back up newly added photos/videos as well as existing ones
Backup rules:
Upload on Wi-Fi only: Back up photos/videos only when your mobile device runs on Wi-Fi
Upload photos only: Back up only photos but not videos
Keep Original File Name: Keep original file names of backed up photos/videos. If not enabled, their file names are replaced with the date they were created
Live Photo: Upload live photos only, or upload both photo and video
Free up mobile space: Remove the photos and videos that have been backed up to your Synology NAS to release storage space on your mobile device
Supports archiving and extracting items to save storage space and provides password protection to safeguard sensitive data
File formats supported for extraction: zip, .tar, .gz, .tgz, .rar, .7z, .iso (ISO 9660 and Joliet)