This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM blocking Synology Drive file share links?

Hi folks

I have an interesting problem.

I have a Synology 1517+ NAS sitting behind a SophosUTM appliance.

The UTM has correct firewall configuration to let through key NAS services - admin access, file access, etc. Normally I can access Synology's Drive service (equivalent to Google Drive but running on my own server) outside my home network with no issues.

The problem happens when I want to share files from Synology Drive. The file share creates a link to the file as seen in the screenshot below. The problem is that this link cannot be accessed outside my LAN. Access outside my LAN throws a "ERR_CONNECTION_RESET" error.

I have checked ports used by Synology Drive and it's all the same ones I already have opened. Given the issue only happens when accessing outside my LAN, I place this firmly at the feet of Sophos.

Any advice much appreciated.



This thread was automatically locked due to age.
Parents
  • The setup you are describing is a hacker's paradise. Are you saying, you are really giving direct access to all the services on your NAS-system from outside? With DNAT-rules?

    I would highly recommend using a VPN-Setup for this kind of external access!

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • The setup you are describing is a hacker's paradise. Are you saying, you are really giving direct access to all the services on your NAS-system from outside? With DNAT-rules?

    I would highly recommend using a VPN-Setup for this kind of external access!

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
  • And I wouldn't want to give any advice on how to extend this insecure setup with any additional ports and services.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.