Managing Firewall

The Firewall in SoftNAS helps to control the incoming and outgoing network traffic in VPN.

As of version 5.0, all unnecessary ports for a typical SoftNAS deployment are closed, in order to ensure your security. However, this means that if you are deploying SoftNAS to handle various file protocols, you may need to configure some ports to ensure success. 

To reach the SoftNAS Firewall, expand Settings from the Storage Administration Pane, and select Firewall.

If enabling the firewall, be sure to open up the appropriate set of ports for SSH, HTTP. HTTPS, NFS/bind, iSCSI, CIFS, etc.

Configuring the SoftNAS Firewall

As stated, the current SoftNAS Firewall is pre-configured, and set to restrict any ports that are deemed unnecessary to a standard deployment.

This means that only ports and protocols commonly used are configured to start.

Ports configured to start include:

  • NFS
  • rpc-bind
  • mountd (iSCSI)

Deleting a Service or Port from the SoftNAS Firewall

In order to remove a service or port, simply select the service, and click the Delete Selected Rules button. 

Buurst does not recommend removing default services without good reason. Please consult Buurst Support if you are unsure of which ports or services you require for your deployment.

Adding Allowed Service

  • For this example, you will note that we have NFS as a default service in the current configuration.  This refers to NFSv4 only, as this is the most commonly used version at the moment.  Let's assume we need to configure SoftNAS to connect with a legacy application that uses NFSv3.

  • Select the Add allowed service link.  The Add Service screen will display.

  • Select the service to allow (in this example nfs3) from the dropdown.

  • Once done, click the Create button.

Buurst's SoftNAS can allow traffic from a large list of services, as you can see on the right.

  • The service will show in the allowed list. 

Add Allowed Port

  • Select the Add allowed port link. The Add Port screen will display.

  • Enter either a Single port or a Port range that you would like to allow.

  • Select the Network protocol from the drop-down menu.

  • Once done, click the Create button.