Network Segmentation

Distribute endpoints across different networks to achieve network isolation. Configure custom firewall rules, internet access policies, quality of service (QoS) rules, and other settings according to the purpose of each endpoint.

Divide and secure

Create and define up to 5 separate VLANs and map up to 15 Wi-Fi SSIDs to these networks (3 per VLAN) to keep your PCs, servers, and NAS protected against attacks on more vulnerable devices, such as IoT-sensors or smart devices.

Separate networks
Separate Wi-Fi SSIDs

Isolated

By default, networks are isolated from each other for maximum security. This means devices cannot communicate with devices connected to other Wi-Fi SSIDs. Different networks/VLANs can optionally be assigned to different physical ports on the router.

One-way

Easily create firewall rules to bridge networks for specific purposes. For instance, only allow connections initiated from your NAS to communicate with your IP cameras, but not the other way around.

Open

Keep communications between networks completely open. For example, if you manage a large number of devices that you wish to separate into different subnets for convenience.

WPS

Allow this convenient, but more vulnerable, connection method often seen on printers and cameras only on specific networks. For example, to accommodate guests and specific IoT devices with no other ways to connect.

WPA

Maximize security by enabling only WPA3 authentication on a wireless network with newer devices. Or set up a WPA-Enterprise network with a bridged fallback, such as for smart TVs and media casting targets.

Control your network

Each network can be set up with different internet access policies, bandwidth limits, and other settings based on how you plan to use it.

Safe Access​​

Safe Access​​

Define per-device or network-wide profiles to protect devices against online threats and to limit internet use or allowed websites.

Learn more

VPN Plus​​

VPN Plus​​

Define which networks clients connected via VPN Plus have access to. Use Site-to-site VPNs to bridge only a specific local network with a remote site.

Learn more

Firewall and Traffic Control

Firewall and Traffic Control

Define routing and port forwarding rules, and allocate bandwidth limits for each network to prioritize specific applications and devices.

Learn more

Fits right into existing setups

Already have your network defined? SRM 1.3 includes full 802.1q VLAN support so you can map custom networks and Wi-Fi SSIDs directly with your existing VLANs.

Make it possible with Synology Routers

Our routers support wired and wireless network segmentation, interference-free Wi-Fi, advanced mesh options, and more.

Notes:

  1. The maximum number of SSIDs is determined by the number of Wi-Fi radios. Dual-band systems support up to 10, tri-band up to 15. Each radio supports up to 5 SSIDs.