Webinar: How to secure your QNAP NAS for remote access.

Well, today we are going to cover a couple of topics, so the first one will cover how to

secure

the

qnap

and you can leave it there if you are happy that

your

qnap

is as

secure

as That may be the end of it, if you want to take the next step and you want to be able to

remote

ly

access

your

files from anywhere in the world over the Internet, then we'll cover that in the second. section of this

webinar

here as well, so all I'm going to talk about here at the beginning is just going to be how to lock down your qnap, how to make sure that you're following the best practices to make it as secure as possible, number one, this would start just making sure your nas is as up to date as possible for firmware updates if your nas is connected to the internet, which would happen automatically in a default setting if you set it to auto mode.

IP when addressing things like that, it will automatically update every time you log into the interface, it will do a little check to make sure you have the latest version of the firmware and generally we recommend keeping it as up to date as possible. to make sure you know that the vulnerabilities are fixed, so each of the firmware updates that come include sometimes new features, new applications, new services and there will also be some bug fixes or security vulnerabilities that may have been detected or repaired and have been added. on them too, so it's always good practice to make sure you're as up to date on the firmware version as possible.

Another thing I want to point out is that every qnap since the last few years does not have a default username. and password we had in the past so in the past it was something like admin as username with admin as password and every qnap now has a default password which is actually the mac address which is a 12 alphanumeric key digits and that is printed somewhere on the nas, so there will be a sticker on them, as is usually the case with the serial number, and on it will be the mac address of your unit and you can also get this mac address from our application queue search, suppose you have to open the q finder application here on my computer, when it turns off and scans the network, you will find different drives and you will see the mac addresses here and this will be the default username or password for each of the nas you use. you're logged in, so there's no longer a standard password, um, as you go through the setup process, um, it won't let you continue unless you change the password, so one of the first questions it asks when you set up the na for the first time.

What we've seen in our last four-part series is that it asks you to set a password and even change it from what would be the mac address number and the password can't be something simple, for example, you can't make it be admin and admin, as it used to be the old default, will not allow you to continue with admin as the administrator password, so the next steps that I am going to take are to install different applications that can help protect the qnap, of course you can. This without having these apps installed, but it makes life a lot easier because it does checks for you and every week to make sure everything conforms to the security policy you've selected, so the first app I would recommend is our security.

The advisor app and this app can be found in the app center on any qnap, so if you go down here to the security section at the bottom left, you will actually see the three apps that we can recommend and the mcafee antivirus one is optional. and you have to pay a license to use that and we have a free alternative antivirus built into the nas that I will also cover but the two that I am going to recommend would be the malware remover and the security canceller. You can't install the malware remover if you want, but when you open Security Advisor it will ask you to allow it to fully comply with any security policy you have set, so if we open the Security Advisor app, I have it set to the most basic level, so I have the basic security policy possible.

Here we have three different verification sections that it's going through and you can choose whether or not you want it enabled to verify them. or not, maybe you don't want an antivirus running on your nas, so you can disable the antivirus check if you want and the malware remover as well. Now it's not just about having these features turned on, but they also need to be turned on. There needs to be a schedule in place for each of them to perform an antivirus scan and update virus definitions. I see we already have a question here that says: can you disable the default administrator account?

No, You can not. disable the default administrator account, you need it for most purposes and of course if you ever had permission to disable an administrator account that would be the administrator account, but if it was disabled you will never be able to re-enable it because I already disabled the administrator account, so we recommend using the administrator account sparingly, only use it for configuration changes. Try not to use the administrator account for any

access

to the nas and do not save the password on your computer so that when it runs automatically. you fill out forms and stuff like that, if there was ransomware malware out there, that's how they get access to the different resources that you have, so I would recommend not using them, and with all these different options that we've set up, we can see that they haven't been detected risks with the configuration now, if we are to look at the security policy that I have established here, there are many sections that need to be agreed with the security council on what the configurations are. to whether or not you are going to say that you are not at risk for that particular policy, so here for the basic security policy we make sure that your nas is using the latest firmware version and that some services are disabled and they cannot be used.

For most users, can the NAS access the Internet? This is so you can get updates and things like that from nars and then we look at the different options here. Do you have apps installed with valid digital signatures and do you have the option to allow apps to be installed that don't have digital signatures enabled or disabled, so there are a lot of different options here, but this is the most basic security policy that's in place. configured now if I were to change this to the next level. what is the intermediate security policy as we scroll down the list, there are a few more things that have been added, things as different as SQL passwords, a lot of things that can be a little confusing, don't really worry about what They say if I apply this. intermediate policy and click OK, it will ask me if I want to run a new security check now, so I will say yes and if we go back to the overview page we can see that it is now looking for a new security check with the new options and I can see here that we are at a medium risk and there are two reports that have been available there, so if I click on view reports we can see that I have two options here, number one is my antivirus.

I don't use the latest definitions and also mynas doesn't force passwords to change at least every 180 days, so to change them these are just links you can click on, so if I want to go and check the change function password, I can mark it. It'll take me right to the settings screen for that, so if I make it larger, we'll see it at the bottom so we can see that this option is disabled, so if I were to grab that box, I have it set. at 90 days, but you only want it to be every 180 days, so you could increase this if you wanted.

I'm going to apply that setting change and since you also mention about the antivirus, I can click on the antivirus option there like Well, it will take me directly to the built-in free antivirus option. This is called clam av. You can download definition updates directly from them or you can just click the Update button here, so if I click the Update Now button, it will activate. turn off and check for the latest virus definition update to start downloading them installing them to the drive which may take a couple of minutes in the background but if I come back here and click scan again I'm going to let it do another scan to see if I'm still at risk or if everything is fine, so the latest virus definitions are not installed yet, so we'll wait for them to install and I'll click scan again in a moment, but that's basically stopping the other error now, the other error about not having passwords that must be changed every 180 days.

I already got rid of that. Now this scan will usually run once a week. Each week, you can change that schedule if you wish. you can set this on a different schedule but I usually have it set to run only once a week and each time it runs a little popup will appear saying that it has finished running and you can go and check the loads if there is something that is high risk, so it has not met one of the higher categories. In fact, you'll get an alert here in red, almost like a bug in your nas that you need to go and deal with. that to go and add an exception to that rule, you're happy with that error or you can change your security policy up and down, so yeah, that's the first thing I would recommend now as part of this from the overview screen I can also see the malware remover there so with the malware remover it's a separate app so if I go here to the malware remover this is a little tool that will scan everything on your nas and make sure that you don't have nothing. that is a recognized malware and the definition updates are also updated daily and this is a scan that runs every day so you can start the scan and it will shut down and perform the scan.

It only takes a couple of minutes to run, but this alone is going to make sure that all data stored on your nas is not affected by any recognized malware that could damage the qnap as well, as long as this scan is scheduled to run at least every 24 hours and the security advisor will be happy that you are being careful enough there, so let's scan and fill in everything is fine, so if we go back to the security advisor application we can see that it is there and we have a question someone called alcidae. I'm sorry if I said that wrong.

Can you exclude files by scanning with the virus scanner? Good question, yes you can. In the antivirus application, when you create a scan job, when you edit the scan job, there is an option here to filter. you can scan all files, quick files or you can also check the box to exclude files or folders and then you can enter the paths of those files or folders there as well, so I hope that answers it, I will see there, okay, one of the Other questions which just came from ian, is there a way to do two part authentications for logins?

Yes, absolutely and in fact, if you were to change the security policy up to the advanced security policy, one of the options that we have. scroll down the list here, one of the options if I remember correctly was to make sure you have two factor authentication enabled. I don't remember where it was on the list, but you must have two-factor authentication enabled. and to enable that, if you want to enable two-factor authentication, if you click here in the admin section and go to options, there is an option here for two-step verification where you can enable this and this works in conjunction with our authenticator. application that would be the queue manager, so the queue manager will be needed every time you want to log in to the nas.

You can open the queue manager app and it will give you your two step code so you can log in, so just having the username and password for the nas is not enough to log in if you really want to take an extra step and you would need it for the advanced security policy that's there, so after you've chosen the policy that you're happy with, that's one. step, so that's really locking your naz in a state recommended by the particular policy that put you in a good position there so that there is no risk, there is no way for anyone to gain access to the naz maliciously, um parts of the advice of security.

It's also setting up some notifications, so inside the qnap we have a notification center and in the notification center it requires that you be notified if there are things like new firmware updates and things like that, that's why I have it set up here. I have email alerts and I have a push service set up for anything that's happening with the nas and if you go to the different rules that you have,if I went over here to my email rules, we can see that I have an account set up for my qnap email address and if I go and edit the different rules in this, this works for a lot of different um options that we have within the rules. notification, so here's rule one for my email.

In fact, I have a notification in my email for every possible thing I can do with my qnap, so every category of software and hardware doesn't matter. I have everything turned on for this so in my email I will get an update when I change the settings if there is any problem if someone else changes the settings and so I can get a lot of different alerts here now for the push notifications I've gone a little less on the notification, so if you were to open this and scroll down, I only have notifications turned on here for the firmware update, so scroll up, sorry, here when there is a firmware update available and also when there is a firmware update being applied. firmware update so I have to enable them as push notifications so you can enable them but the notification center is very important because you know pretty much in real time as soon as something happens on the nas or if something is changing. it's not what's expected you can log in and fix it, if it's something that's expected then you can just delete the email, okay that really covers everything that protects your qnap.

There are a few other areas that you can access, so in the control panel we can have a full security section and this is where you would do everything if you didn't want to use the security tip or the software, if you wanted to do it yourself without it The security council prompts you to make any changes that you can configure. from the settings right in this settings screen right in the control panel so first of all you have a allow and deny list so the default here is to allow all connections from anywhere if you only want to allow connections from your local land. so even if you and accidentally had a firewall failure or someone opened some ports on the firewall that allow users to come in, you can set this to only allow connections from the list so you can set that and you can add an address specific, a specific subnet, an IP range, the IP range could just be your local LAN, so even if it was open to the outside world, users would not be able to communicate with your qnap because they are not coming from a network. or an IP address that you have added to recognize um be very careful when setting this up, if you configure the wrong settings here you may not be able to get access to qnap and you may need to press the reset button on the back if you wanted Avoid that, okay, I've seen some questions here from Tim.

Can push notifications go to multiple devices? If you can. You can have as many users logged in as you want with the q manager app and configure them so they can. they also get push notifications, and someone else here is Herman is asking, going back to disabling the administrator account, sure you can, as long as you have at least one custom user that has administrator rights, usually I would still do it. I just recommend having a user with administrator rights, which is the admin user, and just don't save the password anywhere else, but yes, if you want to go the other route of having a user with administrator rights, that might be possible, but now it has I have two users which can affect the nas greatly.

I would say that just having the default administrator account, which is a little more secure with a very strong password, would probably be just as secure and a question here from Robert would be interested. uh how to see how do you set up the notification center, uh, to tell me when someone logs in or tries to log in to my qnet, and one of the most important ways to do that is in the system logs in qnap, there's a section here. I just open this up, take a quick look at this one. I can find where that setting is.

There is an option to enable logging of different connections that are happening with the qnap, so here you have a system access log and so on here. it's when people try to connect in and out of the qnap, you have different users online, system events, things like that and this is looking for qts heroes, so it might look a little different from the nas that you guys have out there, so yeah I had to log into a different nas that I have here and go to qts, just to illustrate the difference, let me take this manager, so on this one you have to enable it on qts as the operating system. here, if I go to the control panel, open this and go to the system logs, there is an option here that by default is disabled, so the system connection logs that you can see in the miners here are set to start to log, which means it's not running, so if I were to check this box it says do you want to start logging?

I'm going to say yes, so now it's actually logging everything that's happening, so if someone were to connect to my nas or something, now they'd all be logging, but now they're all working. They are events that are logged and now you can select to receive notifications in the notification center, which can be a little tedious because if people start logging into your qnap a lot throughout the day if you have multiple users. You'll be bombarded with notifications so sometimes it's best to log in here and if you need to check if someone is logged in, especially in a busy environment, you can just come to this area and take a look, so that's how it's done in qts so q registration center this is brand new for qts hero which we are also using here okay just before we move on to the next section on how to enable

remote

access I'll just take a look at some of the other questions here so someone It says what is the advantage of using mcafee if you compare it to the standard virus scanner and I guess it's probably more of a question for the mcafee guys, they would probably say they are more up to date and cover more different definitions.

I definitely know that the virus definition file for mcafee is much larger than the free one from clam av, so it covers a lot more bases, but yes, mcafee, they are possibly a bit faster. to respond to virus threats that maybe clam av, so if a new virus comes out, maybe they would update the definition before clam v. I'm not saying that's happening 100 of the time, um, but that's, um, that's probably what mcafee would do. I say and like I say maybe a better question is to go talk to mcafee to ask them why mcafee is better than clam av and a question here from dirk that says: is there any problem with mac os that you know of that would limit more than one account? user? to access qnap um no, not at all, the nas doesn't really matter, it doesn't matter if you are a windows user, a linux user, a mac user, it doesn't matter what the user is and there is no limit on the number of times that a user can log in by default, of course, you can go through the security settings and set this to be much more restricted if you want, so within the security settings, when you come here to things like policy of passwords, you can stop by here. and you can set up a lot of different things for password strength and you want at least one of the upper and lower case you can't use the same password twice how many times things are used you can't use more than one character repeatedly um within the same within the the same password, so there are many different settings that you can configure here within the nas itself.

Okay, now what I'm going to do is talk about accessing your NAS remotely, so everything you need to do to access your NAS remotely actually starts within our my qnap cloud app for a lot of people, especially if your connection The Internet your QNAP is connected to has a dynamically changing IP address so you know you won't have a static IP address wherever you are. the same thing all the time at a guaranteed time um so with this feature here you will have a start option at the top that will allow you to go through a wizard that effectively you just have to log in to your qnap id account and choose my qnap cloud device name for your device i chose here qnap secure uk.myqnapcloud.com so with this setup now i have a domain name that i can access this qnap and that is what i have been accessing to qnap from here at the top and this is what I am using to get remote access to qnap even if the IP address changes we have a lot of different options here now in order to keep things secure we have some features here that will They make it easy to access your Qnap remotely, but it's not necessarily the most secure option to choose.

The first is automatic router configuration. You may also have heard that this is a feature called upnp or universal plug and play that will allow devices on your network. If your router supports upnp, the device can ask the router to open ports to the device's correct LAN IP address. behind the firewall. In this case the nas will open that port through the um al nas so that you can access the specific service and that you want to access, there are many services that you can run on a qnap um so enabling this option will open upnp by default almost 15 ports to the qnap for all the services it has. was enabled if you have this enabled at the bottom here a big table will appear showing you which ports we have asked the router to open and whether the router was able to open them or not the router will respond. to us and say yes, I have opened those ports, um, if you don't want all these separate ports to be opened, which I normally don't, I never actually enable the upnp port forwarding service and I even have it disabled on my router .

Also, even if I accidentally forgot to disable this feature, it would never appear as being able to open a port. Everything I do has to open ports manually. The next section is the dynamic DNS, so this is the host that I created the secure qnap uk.myqnapcloud.com. It gives you the actual IP address you are referring to and when the IP was last verified and confirmed and when it was updated, so you can manually configure the dynamic DNS IP address here, so if it is not. has been successfully auto-detected, you can force a different IP address and the next section you're probably going to go to is the SSL certificate, so SSL is the secure socket layer, so this would be a bit like your online banking every time you go to your online banking. and log in to your webmail, anything where you typically have to log in with a username or password, you'll see this little padlock that appears here at the top of the interface.

If I click on it, it will show me the certificate and confirm. that I have a certificate for this myqnapcloud hostname and it should be at the IP address that that certificate is running on, so this lets me know that I have a secure certificate and I have reached the address that I think it was supposed to be at. which should arrive now if I were to access this same qnap through a different link so I have another host pointing to this so if I were to go to qnap uk.qnap.com I would go to port 50 because that is a what I'm accessing. this qnap do https at start and click enter.

I'm getting an error now that this connection is not private, so it's not going to give me the nice password logo that I'm connecting to, so I can go down here, I can um. look, I can skip this it wants me to type the password so I can access the same qnap, so just to illustrate, this is the same qnap but just with a different host here, I'm going to log in just to illustrate that, um, the password will be different, so if I go into my Qnap cloud option here, we can see that this is the secure qnap uk, only now I'm accessing it through a different host, but I don't have a valid certificate for that. one, so I got a lot of errors, it was not reliable as a location.

I forced trust, which is not exactly what you want to do, it's like bypassing security a little bit so you can get these SSL certificates and we do that. offers free ones through the let's encrypt service. You have two options when you do this, if you want to use a hostname other than the secure qnap uk dot myqnapcloud.com, so you want to use your own domain in the end, there is a way to do that too, here in the security settings there is a certificate option at the top so the certificate and private key can replace the certificate with your own checkout, so if you want to add a certificate there, that's not it. from let's encrypt or for a specific domain that you want to use to access qnap um, you can upload it here without doing it through the cloud portalmy qnap and my qnet cloud portal only covers my qnap cloud domains and the connection options that we got there and the next thing I'm going to show you is accessing the nas through something like a VPN service, for What the benefits of a VPN is that it is an encrypted connection.

You only need to open one, two or three ports, depending. in the vpn service you have done on all your nas to get access to every service running on the nas, so many different things on the nas, like web servers, ftp servers and different applications that we can have, like plex or anything else which can be running they all require their own port to access so if you want to use it without a VPN you can open multiple ports and to get access with VPN you can restrict it so with some of the servers e.g. our own Q belts and The VPN service we have only needs one port to be open, so if you enable this, the default is 443, you can change that port to any port you want, but the benefit here is that you just have to forward a specific port. port, so if I were to change that to say port 52, if I wanted to get access to the entirety of my nas, I could forward just this single udp port through port 52 to my local nas IP address from my firewall and that would give me everything the access I need to absolutely every service on that qnap, so if I were to go here and check what the IP address is, if I go to my network and my virtual switch, I can see that my IP address is 192.168.50.29, so Yes I go to my firewall settings here, so if I go into the settings I'll just point out that in my services here, uh, upnp or mine is disabled, so I'm not using the router's auto configuration features, but if I go into my firewall, this will look different depending on everyone's firewall and everyone is different so I can't give you a universal way to do this but normally they will call the port forwarding function so if I use forwarding of ports here, I have an option here to create a new port forwarding rule, so I would open it and call this a signal belt, maybe so I'mI'm going to call this as a signal belt port forwarding that I'm doing.

I'm going to allow this port to be forwarded from anywhere because I don't know where I'm going to use VPN from. I can restrict it to a specific IP range. Let's say I wanted to connect to this nas at home, from our office in Swindon. I could limit this to only working from that IP address if I wanted to, so port I'm going to select 52, so just to illustrate that I'm simply matching what I've configured here in the qvpn option, so when I go back to manage here you want to know what IP address I'm forwarding it to, so now I'm going to match the IP Address that I set to the Nas LAN port, so it was 192.

Once it's like 50.29 and the forwarding port, it will normally be identical to the port you have at the top, so you can write 52. Now I can. forward both tcp and udp protocols, but I know for this one you only needed udp because that's what the nas is asking for here, so we've tried to give you all the information that you need for the different uh options that you have there. I see here a question from John asking if the qbelt allows access to the LAN or only the nas, so the default setting will be only on the nas, but if you want to give access to the entire LAN you can do it using some tools different.

We have our networking and virtual switch feature so you can go into the network and virtual switch and you can go to the advanced options here, so inside the network and virtual switch you have a virtual switch section here and there is a wizard that you can launch and that will allow you to add a virtual switch for different tasks, so that you can create a software-defined switch that allows users to access one interface, such as the one on which the VPN is running, and gain access to the rest of network that way and there are also containers and virtual machine routing options that we have that can also do that for you in our virtualization station or container station applications if you want to use those as well, so there are ways to do that, but I I win.

I don't cover those in this session that could be a suggestion for a video in another session on how to use software defined switches and virtual switches on the nas itself, so yes, if you came back here and clicked Apply, you would win. I don't click save because it will probably disconnect my Internet while you reboot the router to apply that change that will disconnect the

webinar

, but this is how you would configure a lot of the different port forwarding rules on a lot of routers that you normally look at. for a section called port forwarding or network address translation, both would give you access to do port forwarding through the firewall, some of them may have pre-built services, so if you were using one that wasn't called um qbelt from from qnap maybe you would like to use one of the more standard options out there like pptp or lttp ipsec and it may already be a services dropdown where it already has the full ports for you and look, there's a question here, let's take a look, I think.

I already answered that, yeah okay that's how you would get access via port forwarding through the firewall that you have there, so I hope I've answered most of the questions there, the remote access side again is it's totally optional By default, the NAS will not allow remote access through your QNAP. The upnp features that automatically open ports on the firewall are completely optional and are not enabled by default. I just wanted to emphasize that one last option I'll discuss is us. I have an additional function called myqnapcloudlink. This is a way to get access to your qnap if you can't open ports through your firewall, so in some circumstances, like in a managed services office, maybe your internet is delivered over the 4g network from a cell phone company and if that's the way the internet comes to your home quite often you don't have options on your router to open ports on your network so if you still want to access some of the services on your nas you can install my qnap cloud link app now this will make an outbound connection from qnap to our portal server and access the portal server directly, instead of directly accessing the hostname you create like qnap secure uk.myqnapcloud .com or whatever What do you think, you would actually go to our address www.myqnapcloud.com, you would log in here with your qnap ID and once you are logged in you will be able to access some of the services in your queue and that includes things like the files on your qnap , if you have allowed it, you can enable and disable the services you want to give access to through this portal, and that is one way you can still get access to some of the features of your qnap and even if you can't open ports on the firewall there too, someone here is asking, so jerome asks why you don't recommend using upnp, then the main reason is that you have many devices on your network, like you. know computers running skype nas, devices, printers with internet printing services, upnp is effectively a golden ticket for any device on your network to open ports on your firewall and allow wider internet traffic to enter your network personal, now it's usually just one or two ports and needs to be directly to a specific device so it doesn't sound too bad, but if there's something malicious on the network you were connected to, you'll be able to have full control over any port on the router without you. know.

That's why I personally don't use Upnp. I prefer to be in control and know which ports are open now. It would be much easier. Many services work better, for example, if you have an Xbox. An Xbox will do it often. gives you a warning when you're connecting to xbox live if it doesn't detect that you have upnp um on your firewall so some things like online gaming video chats some of these types of amazon echo devices you might want to do video calls over the Internet. and I think Facebook created a device recently, these will all need ports to be opened on one of the ends, so they are looking at upnp to do this, but these are ports that are allowed through their firewall, effectively disabling their firewall for these specific functions, um to gain access inside or outside your network, so I would recommend not using it, of course, you can use it.

It makes setup much easier, just activate a feature on your qnap, the myqnap cloud feature will disappear, oh I see you have now enabled the web server feature to host the website, it will automatically open the port on your firewall upon same time you enabled the service. It is not a two-step process; You should do it yourself, it is very easy to do. and I see here from John that you have a qnap pre-shared key. How important is it to be a complex password? Generally I would say that the pre-shave password is not too important to be a complex password, that is effectively it. from where the encryption is planned from the pre-shared key and that is the strength of the encryption so the more it is done the harder it is to protect but every account outside of the VPN so it is only for those users who they do not know.

What does that mean if I go back to the VPN app? So if I go down to one of the options here, psk or pre-shed key, if you activate this, it wants a thank you key, so you can leave an option to write. use it as the default qnap or you can write it as something a little more complex. This is not the only way to get access after this, you still need to have a username and password to access the nas as well so I would say. It's not very important, but yes, if you can configure it more complex, it will make it much more difficult for anyone to intercept any traffic.

There's someone else here, so Ari asks if there's an advisor available for older qnap ts 239 pros, um, not me. I think I would go that far back, I think you need to be able to run at least qts 4.4.2 to be able to install a security advisor, as long as you can install qts4.4.2 you can install it, so Mike asks. uh myqnapcloudlink, this access is not related to a user, possibly one that has restrictions, yes, so the access is also per user, so first of all you need to allow your qnap to access myqnapcloudlink. Secondly, you then need to allow users to access those. services on top of that, so simply enabling the my qnet cloud link doesn't give anyone any access except the admin user, but you can also enable and disable user access through that service.

Robert asks if a recording will be available. Yes, there will be. um it will be on the youtube channel I think later today or monday anyway daniel question. Can I get files on my nas through windows explorer so I can send them via wii transfer if I'm not on the same subnet? want to access your keynote files through Windows Explorer remotely, yes, it's absolutely possible that it's a service you need to activate that you may not have heard of. Let me look it up here, go to the web server, so inside the web server settings we have a webdav option, so webdav is effectively a way to access mounted folders on things like Windows and Mac directly through the firewall .

Now when you enable webdav, it will only use the permissions of your shared folder, so you will have the same permissions that you set for the users. if they were on your same network, but with this option you can also configure a dedicated port, but again if you want to keep it secure, disable the non-secure option, so just use https. We have a port here for 5001, so I would do that. I have to do that to enable 5001 through the firewall now on a Mac, which is what I'm using now, if I wanted to access this in my browser for example, which is a bit like Windows Explorer, I would go up here to go. go to connect to the server and it has given me the path down here that I need so in this case I would need to connect to a different link so if I do https and I would do uh Secure qnap uk dot my my qnap cloud I would do the port number which is set here, so here it says colon port.

I look at the port that is there so I would type 5001 and then it wants the folder path so there is a default folder in the qnap called public so if I were to use that as an example I would type public now when I click Upon connecting, it will ask me for authentication details. This isn't going to work because I haven't forwarded port 5001, so I won't click connect, but this is how it would work. I think so. There may still be one running here on a nas cloud I have running, so I'll try to hook it up to show you what it would look like.

I'm not sure if I left this service running or enabled or not, so this may still fail, oh no, here we go, so this is goingconnecting to a qts cloud nas that we have hosted on amazon's aws service, um, so this is an access to an az, so I have access to it, um, it works like any other. another folder inside my computer, the obvious downside is that it is now limited by my internet speed, so it won't be as fast as accessing the local mass, but it would be the same process to connect with Windows Explorer, just instead of connecting to the server. um it's a bit like mapping a network drive you have to mount the webdav path that's it if you just have a quick google search online on how to connect to a web development path um on Windows 10 it should show you how do it, okay? question here from dirk, he says on ios he left home, i always connect via myqnapcloud.com, would you advise me to switch to vpn access as demonstrated?

It depends entirely on you and them, it's dirk, one way is the same as the other. The VPN access is a little more encrypted and that is the option I would recommend using instead and it also removes some of the loop so you don't have to go to my qnap cloud portal to then go to your nas, if you use the domain name that you created, like qnap secure uk.myqnetcloud.com, will come directly to us and we will just perform a DNS redirect for you. Okay, see a question from i'll see the day here. I have an older ts469 pro model, but it still does a great job.

Actually, it was my first time to join qnap great nas and I played a little with the network settings, but now I can't configure the DNS server. automatically, can it be done with ssh or telnet? I will send you a short guide after the session. I'll see how to do it. You may have added your network adapter. a virtual switch and that's where the dns settings are now, but I'll come back to you after the session. So there's another question here from Mike. The Windows NFS security advice says that I should only configure local addresses. I'm right?

Yes for NFS. if you set it to um, especially the highest security policy options, that's one of the options you want if you're using nfs um, but again you can add exceptions and agree to not set that option if you want, um, but that's just a recommendation we are giving, nfs should only be accessed via local addresses and if you want remote access to an nfs program you could use something like webdav instead, a question from jerome, just asking how to bind ports. uh, with the unify team, well, just because I'm running it I can, I can quickly show you how it works.

So mainly what you do is you go to your device list and choose a switch, so any switch you want. Here, you go to the ports section and then highlight the port you want to make when you edit it. There is a profile section that you can go to here and you can go to manage profiles and there is a profile override option. I have to do for the aggregation. I'm just making sure I get to the right section here, let's take a look, still exist, where was that setting? Unifi has its own way of setting up things like profiles um, maybe you have to be on a port with something connected a second, uh, yeah, so here we go to the profile on road override. so there is an aggregate option, so we call it port binding, they call it aggregate, some switches call it link aggregation, so this is where it should go.

I want to add the ports. It asks you what range of ports you want to add, so you have ports at 728 for example, and then you have to match that on the other switch or device you're connecting to and then apply it at the bottom, but yeah, inside From it, you click on the port with which you want to start the aggregation. just one of the ports you have connected and then you can configure the range within it. It's not very obvious. I agree with you. I understand why you asked that question. John's question: Is there an easy way to find my IP addresses? um so I can manually update the keybelt um so if your IP address changes on the internet side using uh myqnetcloud it automatically checks your internet IP address every two minutes if there is a change it updates the host to match with that IP address. a very short lease time on the dns so it will update pretty quickly so the maximum time you won't be able to connect may be around five minutes depending on how fast the dns updates but yeah, it's automatic within it uh so I think John added to that question by saying it was about q belt for the iPhone um so yeah when you set up q belts on the iPhone if you set the IP address or the name of host as your myqnap cloud address, even if you are your home, um or Your nas location IP address changes will always be updated with that host so you never have to change the host, so in my case here I am using qnap for sure uk.myqnapcloud.com as long as you keep it set to secure. myqnapcloud.com even if your IP address changes on your internet connection, that host will always point to your home IP address, it may be a different IP address every 24 hours, but it will always have the same name, okay, I think Let's end there, I think that's the end of the questions, so if anyone asked any questions, we won't answer them or if I said I'll get back to you, I'll summarize. these questions after the session, any outstanding outstanding items, if anyone wants a guide by sending something like that, we can do it after the session for you, so thank you very much for coming to the next sessions in a couple of weeks to discuss how many things that your qnap can do and sure enough it's me looking at one of our nas and basically turning on all the services and settings I can on a single qnap just to illustrate how many different things your qnap can do obviously one of those things is sharing your files over the network, um, but we're just going to illustrate how many other things you can use qnap for, from websites to CCTV to full multimedia services, we'll just turn on all the features, so it should be very good too, thank you very much.

I think we'll end there.