USG Flex700 vs Web Server (Synology)
Freshman Member
Hi all,
I have a Synology NAS behind Flex700 - it is part of the Intranet, where users store quite an amount of data on shared drive.
I am planning to run also company web server there - the web services (Apache, PHP, SQL etc etc) are built in features of Synology NAS DS218. So - to put it plainly - publicly accessible web pages will be in fact hosted on Synology which is behind Flex700.
So I am thinking like following:
- I will activate web server on Synology
- I will create a bridge of internal IP of Synology (192.168.1.x) to public IP
- I will restrict the traffic over that bridge just to www (via Policy Control)
Is this plan OK? Is it safe? And….is it even possible :) ?
Best regards,
Dusan
All Replies
-
Hi @NoE ,
If the web services need to public to Internet.
The FLEX firewall just control the access to the web service.
If there're vulnerabilities on the web application (web codes) itself.
That's the only potential risk and that FLEX cannot help.
To narrow the attack surface of your web services.
You need to well configure on the Apache access control.
To allow the admin console of your web application only from intranet.
ex.
location /phpmyadmin {
alias /usr/share/phpMyAdmin;
index index.php;
allow 192.168.1.0/24;
deny all;
}1
Master Member
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
