USG Flex700 vs Web Server (Synology)

Options
NoE
NoE Posts: 30  Freshman Member
First Anniversary 10 Comments Friend Collector
edited January 7 in Security

Hi all,

I have a Synology NAS behind Flex700 - it is part of the Intranet, where users store quite an amount of data on shared drive.
I am planning to run also company web server there - the web services (Apache, PHP, SQL etc etc) are built in features of Synology NAS DS218. So - to put it plainly - publicly accessible web pages will be in fact hosted on Synology which is behind Flex700.

So I am thinking like following:

  1. I will activate web server on Synology
  2. I will create a bridge of internal IP of Synology (192.168.1.x) to public IP
  3. I will restrict the traffic over that bridge just to www (via Policy Control)

Is this plan OK? Is it safe? And….is it even possible :) ?

Best regards,

Dusan

All Replies

  • zyman2008
    zyman2008 Posts: 208  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @NoE ,

    If the web services need to public to Internet.

    The FLEX firewall just control the access to the web service.

    If there're vulnerabilities on the web application (web codes) itself.

    That's the only potential risk and that FLEX cannot help.

    To narrow the attack surface of your web services.

    You need to well configure on the Apache access control.

    To allow the admin console of your web application only from intranet.

    ex.

    location /phpmyadmin {
    alias /usr/share/phpMyAdmin;
    index index.php;
    allow 192.168.1.0/24;
    deny all;
    }

Security Highlight