The all-new ADM Defender provides preset and customizable firewall profiles. Intelligent security protection can proactively prevent suspicious IP addresses from connecting to your NAS. ADM can also monitor network transmission packets to intercept suspicious network activities. The new design makes it easier to enable the firewall and additional security protections. ADM Defender proactively prevents suspicious connections, which can help further reduce the risks of malware and attacks to further improve data security.

Introduced in ADM 5.0.

2. Adding a Trusted List

IP addresses specified in the trust list have the highest priority in allowing connections and will override addresses found in automatic blacklist.

Using your Web browser, log in to ADM using an administrator account.
Select [ADM Defender] [Trusted List].
Click [Add].

Select a different format to add a new trusted list.
- IP address:
- IP range:
- Subnet mask:

Click Import to add multiple trusted lists using a csv file.

The IP addresses added to the trusted list will be allowed to connect to the ASUSTOR NAS.
A trusted list can be edited or removed here.
The trusted list can be exported as a .csv file for backing up the settings.

3. Enabling Intelligent Security Protection

Enabling Intelligent security protection can proactively prevent suspicious IP addresses from connecting to your NAS.

Auto Black List:
The automatic blacklist blocks IP addresses that make too many unsuccessful attempts to log in within a set amount of time.

Select [Intelligent Protection] [Auto Black List].
Select [Enable auto black list] and click on [Apply].

Click Import to add multiple blacklists using a csv file.

Specific policies can be changed by administrators in Settings.

IP addresses added to the blacklist automatically will be prohibited from connecting to the ASUSTOR NAS.
A blacklist can be removed here.
The blacklist can be exported as a .csv file for backing up the settings.

Risk Detection Greylist:
When enabling risk IP detection, ADM will check the addresses of devices that attempt to connect to a NAS. IP addresses that are not in the automatic blacklist by the firewall and the trustlist are given a risk rating. By comparing addresses with the risk detection greylist stored on ADM, the AbuseIPDB online database, the existence of addresses already found in the ADM risk detection greylist, or addresses exceeding a specified risk value will be directly blocked, preventing login. The blocked IP will be directly added to the greylist.
Before using this feature, please first sign up for an account at AbuseIPDB and obtain an API key. Click here to view instructions. Individual accounts have a maximum checks or reports per day. To increase the number of checks and reports, a paid plan from AbuseIPDB is required.

Select [Intelligent Protection] [Risk Detection Greylist].
Select [Enable IP risk detection].

Enter the API key obtained from the AbuseIPDB web site and click [Verify].
Select a risk value and click on [Apply].

The period of time an IP address is blocked can be set in Settings. By default, a suspicious IP address will be permanently blocked. The minimum time an address can be blocked is seven days.

IP addresses added to the Risk Detection Greylist automatically will be prohibited from connecting to the ASUSTOR NAS.
A Risk Detection Greylist can be removed here.
The Risk Detection Greylist can be exported as a .csv file for backing up the settings.

4. Enabling the Firewall

Use the firewall to allow or deny IP addresses, entire ranges, and/or entire countries access to your NAS. ADM Defender provides Intranet only and location-restricted profiles that can be applied directly by default as well as the ability to add custom profile. Customized firewall profiles can be configured to protect all or specific network interfaces, ports and protocols.
To ensure continued access when denying all connections to your NAS, ensure that your device IP addresses have been added to the allow list, otherwise all devices will be locked out.

To define IP addresses by geolocation, the Geo IP Database app on App Central must be installed first.

Select [Firewall] [General].
Select [Enable firewall].
Select a profile to activate, or add a new profile and click [Apply].

4.1 Managing Firewall Profiles

Select [Firewall] [General].
Click [Add a new profile].

Select [Firewall] [Profile Management].
Click [Add].

Intranet only:
ADM Defender provides Intranet only profile that can be applied directly by default. If you only allow connections to the NAS within your Intranet, you can enable this profile to deny all client devices outside of your Intranet from connecting to the NAS.

Select [Intranet only] and click [Apply].

Click OK to enable the firewall and this profile.

Location-restricted:
ADM Defender provides location-restricted profile that can be applied directly by default. If you only allow connections to the NAS within your location, you can enable this profile to deny all client devices outside of your location from connecting to the NAS.

Select [Location-restricted] and click [Next].

Please select a location where connections are permitted and click [Apply].

Confirm that the profile is active.

Customization:

Select [Customization] and click [Apply].

Enter a custom profile name.
Click [Add].

Select a network interface for the rule to allow or deny connections.

Select a source IP address or geolocation.

Select a restricted port.
Click OK to save the rule.

Click OK to enable a custom profile.

Default profiles are read only and cannot be modified. However, it can be copied to another profile and edited there.

For example: Copy the original "Location-restricted" profile, edit and add another geolocation that is allowed to connect.

Select [Location-restricted] and click Copy.

Enter a custom profile name.
Select a geolocation rule and click Edit.

Select other geolocations, click OK.

After confirming the rules, click OK.

You can remove inactive customized or modified profiles here.
Firewall profiles can be exported as a JSON file for backup purposes.
Click Import to create a new firewall profile using a JSON file.

5. Additional notes

Packet Logs: Intercepted packets will be recorded here after enabling the Auto Blacklist, Risk Detection Greylist or Firewall.

Packet Capture:
- When enabling Automatic Packet Capture, your NAS will automatically capture packets after the specified amount has been intercepted in intervals of the specified capture duration.
- Packets can be manually captured at any time.

Captured packet data can be downloaded as PCAP or TXT files for deeper analysis of network attack behavior.

You must install other software that supports PCAP files to open these files, such as WireShark or NetworkMiner.

Was this article helpful? Yes / No

Not related to my issue
Too complicated
Incorrect information
Not enough information
Do you have any other feedback for this article?

Email

Suggest a topic

Personal to Home

Home to Power User

Power User to Business

All-Flash Storage

Small & Medium Business

All Products

Accessories

Desktop Apps

NAS 311