We value your privacy

We use cookies to personalize your use of our site. This includes third-party cookies for that we use for advertising and site analytics. See our Privacy Statement and Cookie Policy for more information on how we collect and use data.

Cookie Options
OK
Knowledge Center

Auto Block

In this section, you will learn how to protect your network accounts from unauthorized access by setting up the auto block feature.

Contents

  1. Enable auto block
  2. Set up an allow/block list

1. Enable auto block

The auto block feature helps improve the security of your Synology Router by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks. Enabling auto block will automatically block IP addresses after exceeding a certain number of failed login attempts within the specified number of minutes. The number includes all failed login attempts via SRM, SSH, FTP, WebDAV, File Station, Download Station, VPN Server, and Synology mobile apps.

To enable auto block:

  1. Go to Network Center > Security > Auto Block.
  2. Check Enable auto block.
  3. Enter a number of failed login attempts in Login attempts and a number of minutes in Within (minutes). If you want to automatically remove a blocked IP address after a certain number of days, check Enable block expiration and enter a number in Unblock after (days).
  4. Click Apply to save your changes.

2. Set up an allow/block list

You can create and manage an allow list to exempt IP addresses that you trust from auto block. You can also create and manage a block list to always prevent certain IP addresses from logging in to your Synology Router. Lists can be modified anytime by adding or removing IP addresses.

To set up an allow list:

  1. Go to Network Center > Security > Auto Block.
  2. Click Allow/Block List.
  3. On the Allow List tab, select either of the following from the Create drop-down menu:
    1. Add IP address: Enter an IP address and click OK to continue.
    2. Import IP address list: Import a text file containing the IP addresses to add. You may choose to overwrite existing IP addresses from both allow/block lists. If this option is not selected, duplicate IP addresses will be skipped. If the file you selected follows the correct format, IP addresses will be listed. Click OK to import.
  4. Click Close to finish.

To set up a block list:

  1. Go to Network Center > Security > Auto Block.
  2. Click Allow/Block List.
  3. On the Block List tab, select either of the following from the Create drop-down menu:
    1. Add IP address: Enter an IP address and expiration time. Click OK to continue.
    2. Import IP address list: Import a text file containing the IP addresses to add and enter an expiration time. You may choose to overwrite existing IP addresses from both allow/block lists. If this option is not selected, duplicate IP addresses will be skipped. If the file you selected follows the correct format, IP addresses will be listed. Click OK to import.
  4. Click Close to finish.

Note:

The correct format for importing text files is as follows:

  • The file must be a plain text file.
  • Each line of the file can contain only one IP address.
  • Comment lines begin with a # (pound sign).
  • If your Synology Router device is behind a reverse proxy server, please add the IP address of that reverse proxy server to the allow list.

To remove IP addresses:

  1. Click Allow/Block List.
  2. Select the IP address(es) you want to remove from the list and click Remove.
  3. A confirmation prompt appears. Click Delete to finish.
1. Enable auto block
2. Set up an allow/block list