Supports bulk user creation by importing user lists in UTF-8 encoded files
Supports adding users to more than one user groups for easy management
Supports configuring password strength and expiration rules
Allows self password reset for non-admin users
Privilege
Allows customizing the permission settings of individual folders and files for users and groups
Allows customizing the permission settings of applications for users, groups, and IP addresses
Supports setting quota for volumes/shared folders to control the maximum amount of storage space available to each user
Supports setting speed limits for users and groups for FTP, rsync, File Station, and Cloud Sync
Specifications
Number of maximum local users: 16,000
Number of maximum local groups: 512
Username length: Up to 64 Unicode characters
Group name length: Up to 32 Unicode characters
Password length: Up to 127 Unicode characters
User/group description length: Up to 64 Unicode characters
Maximum quota for ext4 volume: 4 TB
Customize password valid duration:
Range of days before the password becomes invalid: 1 - 999 days
Range of days before the system prompts users to change the password: 1 - 99 days
System reserved usernames and group names shown below cannot be deleted:
System users: "SynologyCMS", "MAILER-DAEMON", and "POSTMASTER"
Default users: "admin" and "guest"
Default groups: "administrators", "http", and "users"
All users belong to the "users" group by default and cannot be removed from this group
The "admin" account has full permission to access all services and applications on Synology NAS
Users in the "administrators" group have unlimited quota for volumes/shared folders
Prioritization for privileges:
Shared folder permission: No access > Read/Write > Read only
Application permission: Deny > Allow
When enabling Local Master Browser in SMB settings, the default "guest" account will be automatically enabled
Limitations
Naming limitations for usernames and group names:
Cannot contain special characters: {}|^[]?=:+/*()$!"#%&',;<>@`~
The first character cannot be a minus sign or a space, and the last character cannot be a space
Domain/LDAP
Features
Works with Windows AD, Microsoft Entra Domain Services, LDAP servers, and Synology Directory Server
Supports Single-Sign-On (SSO)
Allows setting and managing domain/LDAP user and group privileges
Allows domain/LDAP users to access Synology packages and services
Specifications
Hỗ trợ thiết lập quyền cho người dùng và nhóm domain/LDAP để truy cập thư mục chia sẻ và ứng dụng
Hỗ trợ thiết lập hạn mức cho người dùng và nhóm domain/LDAP
Hỗ trợ giới hạn tốc độ truyền của các dịch vụ DSM được sử dụng bởi người dùng và nhóm domain/LDAP
Hỗ trợ thư mục cá nhân cho người dùng domain/LDAP
Hỗ trợ xác thực Kerberos v5 và NTLMv2 khi tích hợp với Synology Directory Server
Hỗ trợ truy cập tệp thông qua các giao thức sau: SMB, FTP, AFP, NFS, và rsync
Nếu một máy khách domain/LDAP được kết nối với Synology Directory Server hoặc LDAP Server, mật khẩu của người dùng domain/LDAP có thể được thay đổi bằng cách nhấp vào biểu tượng đầu ở góc trên bên phải của DSM
Hỗ trợ tham gia domain với bộ điều khiển domain chỉ đọc (RODC)
Hỗ trợ gán tối đa 10 nhóm domain làm nhóm quản trị viên cục bộ
Hỗ trợ tối đa 2 triệu người dùng và 2 triệu nhóm mỗi domain
Cho phép administrators chỉ định và ưu tiên IP/FQDN của DC
Một nhóm bảo mật là cần thiết cho người dùng domain để truy cập các dịch vụ Synology yêu cầu quyền truy cập tệp, chẳng hạn như Synology Drive, Synology Office, và SMB Service. Đối với các dịch vụ không yêu cầu quyền truy cập tệp, chẳng hạn như Synology Contacts hoặc Synology MailPlus, có thể sử dụng nhóm phân phối hoặc nhóm bảo mật
Hỗ trợ xác minh chứng chỉ máy chủ khi tham gia vào một thư mục, ngoại trừ C2 Identity Edge Server. Cấu hình này không thể được sao lưu trong sao lưu cấu hình hệ thống DSM hoặc Hyper Backup Entire System Backup.
Dựa trên LDAP phiên bản 3 (RFC2251) và RFC2307
Máy khách SSO
Hỗ trợ OpenID Connect (OIDC), SAML 2.0, và CAS
Hỗ trợ Xác thực Windows Tích hợp
Hỗ trợ SSO Server
Hỗ trợ OpenID Connect SSO trong Microsoft Entra Domain Services và IBM WebSphere
Limitations
Domain/LDAP users and groups do not support special characters "[{}|^[]?=:+/*()$!"#%&',;<>@`~]"
DC IP/FQDN do not support IPv6
Does not support SSH for domain/LDAP client
Domain client
Does not support security identifier (SID) history
When using SSL/TLS for LDAP encryption, channel binding on Windows AD needs to be set to When supported
LDAP client
LDAP users and groups can only use integers for their unique IDs
Does not support binding LDAP client accounts to a Synology Directory Server directory or other Active Directory (AD) domain services
For LDAP users to access SMB Service, the LDAP directory must support Samba schema, and users should use an NT Password for access
Storage & File Access
File Services
Features
Comprehensive support of networking protocols — SMB, AFP, FTP, NFS, and rsync — on DSM to provide quick and secure sharing of critical digital assets and to offer seamless file sharing across Windows®, macOS®, and Linux® platforms
One compact, little box is enough to access files anytime and anywhere, via computer or mobile devices, and without any storage devices on hand
Integration with Universal Search and Finder on Mac to enable quick and in-depth search of indexed documents, photos, and other contents within mounted folders on Synology NAS
SMB protocol
Specifications
Hỗ trợ lên đến 10.000 kết nối SMB đồng thời (Khả năng thay đổi tùy thuộc vào mẫu sản phẩm)
Hỗ trợ mã hóa end-to-end SMB1, SMB2, SMB3 và Large MTU
Tùy chọn linh hoạt để khôi phục Phiên bản Trước của tệp và thư mục trên Windows
Tích hợp với Synology Universal Search
Finder trên Mac
File Explorer trên Windows
Hỗ trợ đầy đủ Windows ACL với lên đến 200 quyền rõ ràng
Hỗ trợ Thùng rác
Hỗ trợ sao chép phía máy chủ trên Windows
Hỗ trợ File Fast Clone trên hệ thống tệp Btrfs
Hỗ trợ tệp thưa
Hỗ trợ Time Machine trên macOS 10.12 và các phiên bản sau
Hỗ trợ ẩn thư mục chia sẻ khỏi người dùng không có quyền
Hỗ trợ nhật ký chuyển để giám sát và ghi lại các thao tác tệp. Khi bật nhật ký chuyển:
Mặc định ghi lại việc xóa và đổi tên tệp
Các thao tác tệp khác có thể được chọn để giám sát trong Cài đặt Nhật ký
Hỗ trợ Aggregation Portal, sử dụng công nghệ dựa trên Hệ thống Tệp Phân tán (DFS) của Microsoft
Khóa cơ hội (cho thuê tệp SMB2 và cho thuê thư mục SMB3)
Tay cầm bền SMB
Xóa bộ nhớ đệm SMB
macOS
Mô-đun VFS để chuyển đổi các ký tự đặc biệt của Mac
Khóa chéo giao thức với AFP
Khác
Local Master Browser
Mô-đun VFS DirSort
Tệp Veto
Liên kết tượng trưng
Vô hiệu hóa nhiều kết nối từ cùng một địa chỉ IP
Nhật ký gỡ lỗi
Áp dụng quyền UNIX mặc định
Phân bổ nghiêm ngặt
Xác thực NTLMv1
Đọc không đồng bộ
Giám sát thay đổi trên tất cả các thư mục con trong thư mục
Đồng bộ hóa dữ liệu vào ổ đĩa ngay lập tức khi có yêu cầu từ khách hàng SMB
Bộ nhớ đệm tìm kiếm ký tự đại diện
SMB3 Multichannel
Limitations
Không thể đặt giao thức SMB tối thiểu thành SMB3. Vì SMB3 trên DSM đề cập đến SMB3.1.1, việc đặt SMB3 làm giao thức SMB tối thiểu sẽ ngăn các thiết bị khách hỗ trợ các phiên bản SMB3 trước đó truy cập Synology NAS qua giao thức SMB
Các kết nối đồng thời (tối đa 10,000) được chia sẻ giữa các giao thức SMB, AFP và FTP
Tên nhóm làm việc có thể chứa tối đa 15 ký tự nhưng không được bao gồm các ký tự sau: [ ] ; : " < > * + = \ / |? ,
Việc không cho phép truy cập vào Các Phiên Bản Trước chỉ có sẵn trên vDSM và các mẫu sản phẩm có kiến trúc gói sau: Apollo Lake, Avoton, Braswell, Broadwell, Bromolow, Cedarview và Grantley (Xem bài viết này để biết thông tin về các mẫu hệ thống Synology NAS và các kiến trúc gói tương ứng)
Đăng nhập ẩn danh cho giao thức SMB không được hỗ trợ khi chế độ mã hóa truyền tải được bật
Nên tắt Khóa Cơ Hội để tránh thời gian chờ ứng dụng khi chế độ mã hóa truyền tải được bật
Khóa Cơ Hội hiện chỉ phát hiện các thay đổi siêu dữ liệu và truy cập được thực hiện qua SMB
Bật Local Master Browser sẽ vô hiệu hóa chế độ ngủ đông của HDD và kích hoạt tài khoản khách mà không cần mật khẩu
Tích hợp với File Explorer trên Windows và Finder trên Mac để tìm kiếm các thư mục đã lập chỉ mục qua giao thức SMB không có sẵn trên các thiết bị NVR
Bật chế độ mã hóa truyền tải hoặc ký máy chủ có thể giảm hiệu suất đọc/ghi trong quá trình truyền tệp SMB
Càng nhiều sự kiện thao tác tệp bạn chọn trong Cài Đặt Nhật Ký, càng ảnh hưởng đến hiệu suất hệ thống
SMB3 Multichannel
Chỉ có sẵn trên các mẫu Synology NAS chạy DSM 7.1.1 trở lên và sử dụng SMB Service 4.15
Chỉ hỗ trợ các mẫu sử dụng nền tảng x86, được liệt kê trong Các Mẫu Áp Dụng của bài viết này
Hỗ trợ các hệ điều hành khách sau:
Windows Server 2012 trở lên
Windows 8 trở lên
macOS 11.3 trở lên
Một trong các điều kiện sau phải được cài đặt trên cả máy chủ và máy khách:
Nhiều bộ điều hợp mạng
Một hoặc nhiều bộ điều hợp mạng hỗ trợ RSS (Receive Side Scaling)
Có các hạn chế sau:
Bật SMB3 Multichannel kích hoạt đọc không đồng bộ
SMB3 Multichannel và Link Aggregation không thể được bật đồng thời
Không hỗ trợ RDMA (Remote Direct Memory Access)
AFP protocol
Specifications
Up to 10,000 concurrent AFP connections (Capability varies depending on product model)
Integrates Finder on Mac with Synology Universal Search
Supports Time Machine on macOS
Supports Bonjour Time Machine broadcast
Supports File Fast Clone on Btrfs file system
Supports extended file attributes for color label/icon/extra information on macOS
Supports Recycle Bin
Supports transfer logs to monitor records of file manipulation
Integration with Finder on Mac to search for indexed folders is not available on NVR (Network Video Recorder) series
Integration with Finder on Mac to search mounted folders by tag name and category is only available on macOS 10.9 and later versions
Only a maximum of 255 shared folders can be displayed (in alphabetical order) when being accessed via the AFP protocol; however, the total number of created shared folders may exceed that number
Concurrent connections (up to 10,000) are shared between SMB, AFP, and FTP protocols
FTP protocol
Specifications
Up to 10,000 concurrent FTP connections (Capability varies depending on product model)
Supports FTP, FTP over SSL/TLS (explicit mode), and SFTP protocols
Timeout settings to disconnect idle users
Customized port ranges for passive FTP connections
Server-to-server file transfer via FXP (File eXchange Protocol)
Connection restriction settings for IP addresses
Speed limit settings for specific users or groups
Supports ASCII transfer mode
Supports UTF-8 encoding for files with multilingual filenames
Server cannot be accessed via the FTP protocol by the "guest" account
NFS protocol
Specifications
Supports NFS version 2, 3, 4, and 4.1 protocols
Supports NFS 4.1 multipathing
Supports UNIX/Kerberos security styles
Customized service ports
Read/write UDP packet size settings
Limitations
NFS version 4.1 protocol is only supported on specific product models (See product spec for more information)
Rsync
Specifications
Supports rsync version 3.1.2 protocol
Supports customized rsync configuration to assign user privileges
Supports SSH encryption protocol during file transfer
Supports SSH port customization
Speed limit settings (scheduled and non-scheduled) for specific users or groups
Packages and services running the rsync protocol:
Shared Folder Sync
LUN backup
rsync backup
Limitations
To perform rsync backup from a Synology NAS running a version of DSM before 3.0 or a client that is not a Synology NAS, and to retain the source data's owner and group information, you must add the rsync accounts to the administrators group, and back up data to the NetBackup shared folder in the daemon mode
Storage Manager
Features
Intuitive storage management application to monitor the overall storage usage of your Synology NAS
RAID-based storage systems to provide fault tolerance and increase performance
Supports both Btrfs and ext4 file systems
The Btrfs file system can perform file self-healing to automatically detect silent data corruption and recover corrupted data (See limitation 1)
Supports data deduplication to optimize space efficiency (See limitation 2)
Supports SSD cache to enhance system performance
Specifications
General
File system types: (See limitation 3)
ext4 and Btrfs
RAID types: (See limitation 4, limitation 12)
Basic, SHR-1, SHR-2, JBOD, RAID 0, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1
RAID conversion:
Basic to RAID 1, Basic to RAID 5, RAID 1 to RAID 5, RAID 5 to RAID 6, and SHR-1 to SHR-2
Up to 512 shared folders, including 128 encrypted ones
Up to 256 volumes
Supports creating global and dedicated hot spare drives
Supports expanding storage pool and volume capacity (See limitation 5)
Supports using the Btrfs file system to create volumes of up to 1 PiB (Learn more)
Supports storage pool management options:
Changing the RAID type of a storage pool (Learn more)
Adding and replacing a drive in a storage pool (See limitation 5)
Safely ejecting a storage pool from an expansion unit
Assembling a storage pool online when the system detects a sufficient number of drives
Enabling SSD TRIM for an SSD-only storage pool for sustained performance
Supports displaying usage details for volumes in the Btrfs file system
Supports setting low capacity thresholds and notifications for individual volumes
Supports encrypting volumes with AES-XTS-Plain64 mode (See limitation 6)
Supports setting usage and user quota for shared folders in the Btrfs file system
Supports setting user quota for volumes in the ext4 file system
Supports scheduling data scrubbing to ensure data integrity (See limitation 7)
Supports adjusting the speed limits for running data scrubbing, repairing storage pools, expanding storage pools, and changing the RAID type of storage pools
Supports RAID Group to improve the level of protection (See limitation 8)
Supports Dynamic Bad Sector Mapping to enhance data integrity during storage pool repair
Supports complete Windows access control list (ACL)
Supports encrypting shared folders with AES-256 CBC mode
Drive Management
Supports HDD hibernation feature for power saving
Supports scheduling S.M.A.R.T. tests
Supports deactivating drives while Synology NAS is powered on to prevent service disruption
Supports switching the LED indicator of a specific drive slot
SSD Cache
Supports the SSD cache group feature to aggregate and allocate the capacity of SSDs for caching
Supports creating read-only caches and read-write caches: (See limitation 9)
Up to 16 volumes can be mounted with SSD caches at a time
Metadata of Btrfs volumes can be pinned to read-write caches (Learn more)
Supports SSD cache group management options, including drive addition and replacement, and changing the RAID type
Requires approximately 400 KB of system memory per 1 GB of SSD cache (including expandable memory) and no more than 25% of the pre-installed system memory
ext4 File System
Maximum single file size: 16 TiB
Maximum file name length: 255 bytes (See limitation 10)
Maximum path name length: 4,096 bytes (See limitation 10)
Maximum symbolic link depth: 40
Maximum single volume size: 200 TiB (See limitation 11)
Recommended maximum number of files per folder in the same level: 100,000
Btrfs File System
Maximum single file size: 16 TiB
Maximum file name length: 255 bytes (See limitation 10)
Maximum path name length: 4,096 bytes (See limitation 10)
The data checksum option must be enabled on a shared folder before silent data corruption detection can take effect (Only SHR, RAID 1, RAID 5, RAID 6, RAID 10, and RAID F1 support corrupted data recovery)
Data deduplication is only supported on Synology SSDs and specific Synology NAS models (Learn more)
To find out which file systems are supported by your Synology NAS model, refer to its product datasheet (Learn more)
A storage pool must consist of drives of the same type. The following drives cannot be mixed: SATA and SAS drives, SSDs and HDDs, or 4K native and non-4K native drives
Only certain RAID types support expanding storage pool and volume capacity by adding or replacing drives (Learn more)
Volume encryption is only supported on specific Synology NAS models (Learn more)
File system scrubbing (only supported on the Btrfs file system) and RAID scrubbing (only supported on RAID 5, RAID 6, and RAID F1) will run sequentially when data scrubbing is performed
RAID Group is only available on specific Synology NAS models (Learn more)
SSD cache creation requires volumes belonging to the same storage pool to allocate capacity from the same SSD cache group
Different character encodings may contain different data sizes (e.g., a character with UTF-8 encoding may contain 1 to 4 bytes)
Varies according to Synology NAS models (Learn more)
Only certain Synology NAS models support using M.2 SSDs to create storage pools (Learn more)
File Station
Features
The default file manager for browsing, previewing, and managing folders and files stored on Synology NAS
Sharing files is made easy and safe
Users can customize links to share with specific parties
Users can configure password and validity period for extra protection
Easy access and management from the following devices: personal computer, tablets, and mobile phones
Mounting virtual drives, remote folders and public cloud storage on File Station to access all remote data as if stored locally
Specifications
Supports up to:
100 concurrent remote folders
100 cloud services and file servers
1,000 files in upload queue
512 local groups
512 shared folders
16,000 local user accounts
The number of supported local groups, shared folders, and local user accounts may vary for different Synology NAS models (Please refer to each NAS model's product spec for the recommended number)
Supports recovering or retrieving deleted files from Recycle Bin
Supports viewing and adjusting ACL permissions of files and folders
Supports Windows ACL editor
Supports customizing shared folder attributes to be displayed
Provides an interface to edit music information of audio files
Supports management of files and folders stored on Synology NAS, including:
Creating, renaming, or deleting file and folders
Copying or moving files and folders
Uploading or downloading files and folders
Compressing or extracting archived files and folders
Viewing documents from Synology Office, Microsoft Office Online, or Google Docs
Synology Office supports the following formats for import: docx, xlsx, xlsm, xltx, xltm, xls, xlt, ods, ots, csv
Using Photo Viewer to view photos, Video Player to view videos, and Audio Player play audio files
Browsing files and folders in list view, tile view, and thumbnail view
Supports the following file formats
Imported files:
With Document Viewer (available on certain models only) installed, the following file formats can also be imported: doc
If VLC is not installed on your local computer, Video Player will play videos supported by HTML5. Please refer to here for details
Supports moving files by dragging and dropping them between browser windows
Supports keyboard shortcuts
Supports mounting virtual drives to access the contents of disc (.iso) image files
Supports mounting remote folders from remote servers that support the SMB1/SMB2/SMB3/NFS protocols
Supports connecting to remote public cloud services and file servers via a variety of protocols
Supported public cloud services include:
Box
Dropbox (excluding Team Folder)
Google Drive (excluding Shared Drive)
Microsoft OneDrive
Supported protocols include:
FTP
SFTP
WebDAV
WebDAV HTTPS
Supports sharing files:
With other users on the same Synology NAS
As email attachments with built-in email client
Via easily generated shared file links or QR codes
By creating and managing file requests (i.e., file-uploading invitations) to be sent to non-DSM users
Supports configuring shared file links:
Configured with validity periods, valid access times, and password protection to enhance security
Centrally managed via Shared Links Managers where users can edit, share, or remove existing shared links
Supports performing search (both regular and advanced) to find and display the desired files according to various criteria
Supports indexing folders to allow for more efficient search results
Supports applying and modifying WriteOnce settings to files, such as locking files, extending the retention period, or converting the lock state
Provides logs regarding file transfer and user activities for review and export
Allows setting speed limits on transferring files for specific users and groups
Limitations
A folder containing more than 10,000 subfolders cannot be opened at the lower folder level to ensure optimal browser performance
For non-encrypted shared folders, file/folder name should be within 255 characters (up to about 80 characters for non-Latin languages), and the file path should be within 4,096 characters
For encrypted shared folders, file/folder name should be within 143 characters (up to about 47 characters for non-Latin languages), and the file path should be within 2,048 characters
File and folder names cannot contain colons (:) and slashes (/), start with ._ (e.g., ._name), or use any combination of characters that are reserved for system use (e.g., . or ..)
Drag and drop between browsers or between tabs is not supported on Internet Explorer
Regular searches cannot be performed on folders connected remotely and mounted remote folders
Virtual drives and .iso files can only be mounted to subfolders contained within shared folders
NFSv4 only supports the TCP protocol
Certain features (e.g., Compress to, Extract, Preview, etc.) cannot be applied to files stored on public cloud services or file servers
Individual transfer speeds for each connected cloud service or file server are subject to user speed limit settings
File request links do not allow for folders to be uploaded
Certain cloud-specific limitations may apply when connecting to a cloud service. Please refer to this link for more information
Upload feature may vary with the type of web browser used. Please refer to this link for more information
Universal Search
Features
Global search into applications and files on Synology NAS via file name and file content
Specifications
Offers searches into the following items on Synology NAS:
Files (including images, music, and videos) and file contents in indexed folders
Notes in Note Station
Documents and spreadsheets in Synology Office
Offline DSM Help documents
Applications
Full-text search with keywords and advanced search criteria:
Created/modified/last accessed date
File extension
File size (MB)
Author
Group
Owner
Composer
Album
Title
Publish year
Program name
Genre
Duration (mins)
Audio bitrate
Audio sample rate
Video bitrate
Video codec
Description
Rating
ISO
Camera
Camera model
Exposure time
Aperture
Horizontal resolution
Vertical resolution
Comes with the intelligent search widget "Search Now" to display precise search results:
Supports the "Ctrl + F" hotkey to launch the widget
Supports other hotkeys to search by file type: "Alt + D" for Documents; "Alt + P" for Photos; "Alt + M" for Music; and "Alt + V" for Videos
Search results can be filtered by the following file types: Document, Photo, Music, and Video
Up to 1000 folders can be selected for indexing (Not including subfolders contained within selected folders)
Limitations
Searches into the following types of storage space are not supported:
Items stored in external USB/SD storage devices
Items stored in remote folders, cloud services, and virtual drives mounted to Synology NAS
Volume for hosting indexed folders must have a minimum of 100 MB available
Previews of search results are not available for encrypted and empty-content files
Not all matched terms will be shown as highlighted in preview if a search result contains more than 1,024 matched items
Searching with special characters is limited to file names, not file contents
Network Management
External Access
QuickConnect
Features
Allows secure and smooth connections from mobile and PC clients to Synology NAS via the Internet without the hassle of setting up port forwarding rules and router configurations
Creates a readable URL that allows easy file sharing both internally and externally for certain Synology packages
Specifications
Ensures server connection efficiency by a LAN/WAN detection mechanism to choose the optimal connection method (Learn more)
Ensures server reachability by choosing the optimal connection route and the optional QuickConnect relay service
Secures network connections with end-to-end encryption if SSL is enabled
Applies required port forwarding rules on compatible UPnP routers automatically
Customizable permissions for applications to allow access via QuickConnect
Supports detailed incident records for QuickConnect on the Synology Service Status website (Learn more)
Supports the following applications and services:
DSM
SRM
Central Management System (CMS)
Application Portal
Photo Station
Moments
Audio Station
Surveillance Station (including Synology Surveillance Station Client)
Download Station
Cloud Station (Cloud Station Backup and Cloud Station Drive)
Synology Drive Server (including Synology Drive Client)
Video Station
File Station
File Sharing
Chat (including Synology Chat Client)
Note Station (including Synology Note Station Client)
All Synology mobile apps (LiveCam & VPN Plus is excluded)
Limitations
Connections to third-party applications are not supported
Not supported on certain services and packages that require mapping directly to an IP address or a DDNS
Relayed QuickConnect connections may be slower than connections via port forwarding because of longer network latency
Relay service might not work because of certain limitations of ISPs in some regions
DDNS
Features
Translate the domain name of your Synology NAS to an IP address
Multiple DDNS providers
Synology Heartbeat service DDNS server
Supports custom DDNS provider profiles
Network
Features
Multiple Internet connection types
Static routes on multiple gateways
IPv6 Tunneling
Controls traffic flow and bandwidth for specific protocols
Specifications
General
Supported network protocols: PPPoE, DHCP, static IP
Sets outbound bandwidth for services with specific TCP/UDP ports
Supports Bond and PPPoE interface
Maximum number of rules: 100
Static routing
Supports LAN, VPN, and Bond
Sets up routing rules to a specific interface or Bond
Maximum number of static routes: 100
Limitations
Internet connection
Maximum number of concurrent VPN connections: 1
VLAN
Each network interface allows only one VID
Traffic control
Only the outbound traffic is supported
Maximum number of ports in a rule: 15
System Management
Terminal & SNMP
Specifications
Terminal
Telnet/SSH
Customized SSH cipher list
Supports SSH hardware accelerated ciphers
SNMP
Supports SNMPv1, SNMPv2c, and SNMPv3 protocols
Notification
Features
Sends notification messages via email, push service, or webhooks when system status changes or errors occur
Email notifications are delivered to Synology Account or a personal email address
Push service supports sending notifications to macOS Safari, Google Chrome, and Microsoft Edge
Push service supports sending notifications through DS finder
Supported webhook providers include Synology Chat, Microsoft Teams, LINE, SMS, and other webhook providers
Supports creating custom rules to trigger the system to send notification messages and applying the rules to specific delivery methods
Supports customizing the message content and some variables of notification events
External Devices
Features
Supports managing external devices, such as external disks, printers, or USB storage devices, connected to your Synology NAS
Supports setting your NAS as a print server to enable printer access for client computers or mobile devices that are connected to your NAS
Specifications
Supported file system types on external storage devices include ext4, ext3, FAT32, NTFS, Btrfs, exFAT, and HFS+
Installing exFAT Access from Package Center is required to enable exFAT
Supports formatting the following file system types on external drives: ext4, FAT32, and exFAT
Supported printing protocols include LPR, IPP, Socket, and BJNP
Allows setting access permissions for all connected external storage devices, such as assigning permissions to specific users or groups
Supports restricting the use of USB port to block all types of external USB storage devices from connecting to your NAS
Limitations
Synology HD, FS, SA, XS+, and XS series devices released as of 2022 will no longer support network/USB printers
Synology Plus, Value, and J series devices of the 23-series and above will no longer support connection to printers via USB
RC18015xs+ does not support USB printers
Task Scheduler
Features
Supports scheduling tasks to automatically perform the following actions:
Run user-defined scripts
Empty Recycle Bins
Emit beep sounds
Start/stop services
Resource Monitor
Features
Supports displaying the following metrics:
CPU, RAM, disks, and network usage status
Volume/iSCSI LUN usage status
NFS usage status
Resource usage history
Current user connections and accessed files
Status of file transferring managed by Speed Limit
Security
Features
Protects and encrypts data with multiple security standards
Manages multiple firewall rules for specific protocols and services
Automatically blocks remote connections to avoid malicious attacks and hacking
Supports 3rd party or self-signed certificates
Specifications
General
Runs Rapid7 vulnerability scans regularly
Military-grade AES encryption for shared folders and data transmission
Integration with Let's Encrypt to apply for and manage SSL certificates with ease
Trust level to safeguard from installing unknown or tampered package files
OpenChain 2.0
Web Security
Automatic logout timer provides a layer of security, with a default timeout duration of 15 minutes of inactivity
Admins can restrict users from embedding DSM into other web pages with iFrame
Option to set system protection against cross-site scripting attacks
Option to enhance system security with HTTP content security policy (CSP) header by allowing only data from trusted sources and restricting inline script execution
Supports trusted proxy server
Supports management of different access profiles
Security Advisor
Checks for available DSM and package version updates to ensure security and protect against vulnerabilities
Scans system and related network settings, and detects and removes malware for enhanced system security
Account and password strength detection
Automatically alerts users upon detecting logins from suspicious IP
Automatically updates security definitions database to stay up-to-date
Firewall
Access to ports or services can be individually customized to allow/deny specific IP addresses
Admins can create firewall rules based on geographic regions
Admins can organize firewall rules into different firewall profiles
DDoS protection on all LANs and PPPoE
VPN pass-through for PPTP, L2TP, IP Sec
Maximum locations in a rule: 15
Maximum rules: 100
Auto Block & Account Protection
Services which support Auto Block:
DSM, SSH, Telnet, rsync, network backup, shared folder sync, FTP, WebDAV, File Station, Photo Station, Audio Station, Video Station, Download Station, Mail Server, Mail Station, Time Backup, VPN Server, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
Services which support Account Protection:
DSM, File Station, Audio Station, Video Station, Download Station, Mail Station, Cloud Station Backup, Cloud Station Drive, and Synology mobile apps
IP block can be triggered based on a specified number of failed login attempts within a predefined duration. System supports black list and white list to increase management flexibility
Account Protection sets separate login attempt, frequency, and protection cancellation rules for trusted and untrusted clients
Certificate Management
Supports the import and management of multiple certificates
Certificate encryption algorithm is supported by RSA and ECC
IEEE 802.1X compatibility
Supports multiple certificates for different services:
Web Apps (HTTPS) and WebDAV
FTP SSL/TLS
Mail Services
RADIUS Server
VPN Server
Replication Service
Synology Drive Server
Active Backup for Business
CardDAV Server
Synology Directory Server
Hyper Backup Vault
Presto File Server
File Station
Reverse Proxy
Web Station
Virtual Host
QuickConnect
Syslog
Surveillance
Supports the creation and auto-renewal of Let’s Encrypt wildcard certificate
TLS/SSL Profile Level Management
Supports TLS v1.1/1.2/1.3
Supports multiple TLS/SSL Profile Levels for different services:
Web Apps (HTTPS) and WebDAV
FTP SSL/TLS
Mail Services
RADIUS Server
VPN Server
Misc
Offers HTTP Compression for speeding up web page load time
Built-in AES-NI hardware encryption engine
Limitations
Firewall
GeoIP database can only be upgraded along with DSM updates
Certificate Management
Certificates must be in X.509 PEM format
Private keys must be in RSA format and cannot be passphrase protected
Certificates issued by Let's Encrypt are valid for 90 days and can be automatically renewed by DSM before they expire. Please make sure your Synology NAS and router have port 80 open for certificate renewal
2-step verification
Only users in the administrators group can disable the 2-step verification for regular users
Email reset for users in the administrators group is disabled. Users in the administrators group must soft reset the device to remove 2-step verification
Log Center
Features
Offers an easy solution for gathering and displaying log messages on Synology NAS
Centralized log management interface and the flexible search function to help you find useful information efficiently
Specifications
The following functions are only provided by the Log Center package, but not the built-in Log Center application:
Archives logs by specified time, number of logs, the data size, and hosts
Sends logs to another log server
Supports TCP and UDP transfer protocol
Supports BSD (RFC 3164) and IETF (RFC 5424) format
Supports secured SSL connection by importing certificates
Supports sending logs filtered by service categories or log levels
Receives logs from the other log servers
Supports TCP and UDP transfer protocol
Supports BSD (RFC 3164), IETF (RFC 5424), and other customized formats
Supports secured SSL connection by importing certificates
Keeps the configuration history of the Log Center package
Proactive email notification according to log level or specified keywords
Advanced log search engine filtering logs by keywords, date range, and log level
Supports exporting logs to HTML or CSV files
Affiliated Utility
Synology Assistant
Features
An easy-to-use tool for managing your Synology NAS and other devices in the local area network (LAN)
For locating and connecting to Synology devices and checking status
For centrally managing printers attached to Synology NAS
Specifications
System requirements
Windows 10 or above
macOS 12.4 or above
Ubuntu 20.04 or above
Supports displaying the following information for Synology devices:
Server name
IP address
IP status
Server status
MAC address
Firmware version
Model
Serial number
WOL (Wake-on-LAN) status
Supports mapping a shared folder as a network drive
Supports using WOL to remotely wake up Synology NAS
Offers memory diagnostic tests for Synology NAS and routers
USB printers must be directly connected to Synology NAS via USB ports, not USB hubs
The memory card function of connected printers is not supported
Servers are unable to provides services during memory diagnostic tests
Synology HD, FS, SA, XS+, and XS series devices released as of 2022 will no longer support network/USB printers
Synology Plus, Value, and J series devices of the 23-series and above will no longer support connection to printers via USB
RC18015xs+ does not support USB printers
DS finder
Features
An app that lets you set up and install DSM on Synology NAS directly from your mobile device
Supports searching and locating Synology NAS within the same LAN
Supports various useful functions to configure your Synology NAS
Sends push notifications to your mobile device when system events take place
Specifications
System requirements
iOS: 13.0 or above
Android: 8.0 or above
Supports searching and connecting to NAS within the same LAN
Supports installing DSM for your NAS with the installation wizard
Automatically installs certain Synology packages for your Synology NAS directly from your mobile device
Creates Synology Hybrid RAID (SHR) as the default RAID type for quick and easy allocation of your drives' storage space
Recommends certain Synology mobile apps for your mobile device
Supports managing multiple NAS in one mobile app
Supports customizing a port for the Wake-on-LAN (WOL) function to wake up your NAS over the Internet
Supports shutting down and restarting NAS directly from your mobile device
Triggers beep sounds from your NAS to easily find its location
Monitors storage usage and hard drives' health conditions
Supports user management, such as adding and deleting users, managing credentials and status, and assigning user groups
Supports enabling push notifications to trigger notifications when specific system events take place
Supports configuring DSM update settings to automatically update DSM, automatically check for updates, or schedule a time to check for updates
Provides system and network information to view all the details about your devices
Supports configuring auto IP blocking with the options of blocking rules and block/allow list
Supports binding a Synology Account to each NAS for the following services:
Supports enabling and setting up QuickConnect to access your NAS in WAN
Supports enabling Synology Active Insight to monitor your device
Allows for accessing DSM via a mobile web version without having to use a web browser
Supports passcode lock to secure the accessibility of your Synology NAS
Limitations
Only desktop models whose names start with "DS" are supported
DS file (Mobile)
Features
Mobile application for managing files stored on your Synology NAS through secure HTTPS connection
Browse pictures, watch videos, or check work documents on the go
Specifications
System requirements
iOS: 14.0 or above
Android: 8.0 or above
Supports logging in securely via SSL/TLS connections and verifying the server certificate installed on your Synology server
Supports sharing credentials with other Synology mobile apps and recording login history, allowing you to skip entering user credentials multiple times
The supported file formats vary depending on the capabilities of your mobile device
My Favorites: Supports adding frequently accessed files as shortcuts
Offline Files: Supports pinning files for access without Internet connection
Tasks: Supports displaying ongoing upload and download tasks and their respective statuses
Supports sharing files and folders with customized link settings to protect your data
Validity Period
Password
Supports backing up photos from your mobile device to your Synology NAS with granular settings
Backup modes:
Back up new photos: Back up only newly added photos/videos
Back up all photos: Back up newly added photos/videos as well as existing ones
Backup rules:
Upload on Wi-Fi only: Back up photos/videos only when your mobile device runs on Wi-Fi
Upload photos only: Back up only photos but not videos
Keep Original File Name: Keep original file names of backed up photos/videos. If not enabled, their file names are replaced with the date they were created
Live Photo: Upload live photos only, or upload both photo and video
Free up mobile space: Remove the photos and videos that have been backed up to your Synology NAS to release storage space on your mobile device
Supports archiving and extracting items to save storage space and provides password protection to safeguard sensitive data
File formats supported for extraction: zip, .tar, .gz, .tgz, .rar, .7z, .iso (ISO 9660 and Joliet)