firewall password doesn't work

English
1

Hi
I’ve a NAS qnap
display_model_name: “TS-253E”
os: “QTS”
firmware QTS 5.2.3.3006 Build 20250108
BIOS Q0AQAR12

I wanted to renew my let’s encrypt certificate.
Then I want to disactivate my firewall while i renew it.
To do it I need my administrator password. I use a user different than “admin”
I remove the double authentification with this user to disactivate the firewall. I know that it’s not possible to disactivate it with 2FA.
I try to disactivate it from QuFirewall

image
image248×300 20.6 KB

But the password doesn’t work.
image
image494×140 6.28 KB

Even with this I cannot disactivate the firewall.
The only way to disactivate the firewall is from Security center

image
image1464×271 62.8 KB

Here my password is working
Do you now why ?
Even I succeeded to disactivate the firewall I cannot renew my out of date let’s
encrypt certificate but this is another point. It’s perhaps because it’s out of date
MTS

2

I updated to 5.2.5.3145 Build 20250526.
and YQnapcloud link to 2.4.63
But it is still the same

3

Make sure you always switch your UI to English when posting screenshots in an English forum.

All my NAS installs have the QuFirewall disabled, but I have never heard of the firewall having a separate password.

What user are you using when accessing it

4

It is the password of the user admin connected to the NAS.

5

Are you trying to reach the QuFirewall interface directly or are you going to the general web interface first and click on the app in the QTS GUI ?

6

Hi @MTS
This issue is likely due to a recent Let’s Encrypt API change, and it doesn’t appear to be related to QuFirewall. We recommend you restore your QuFirewall settings.

We’ll be releasing a new version of the QTS SSL Certificate soon to address this. We’ll make sure to update you on the forum once it’s available. Thanks!

7

Hi @MTS
Our new version of the QTS SSL Certificate has been released. Please update to the latest version and then try again to see if the issue is resolved.

8

Hi All Thanks for you answer.

@Dolbyman
I trying to reach the Qufirewall interface only with QTS GUI with my LAN address.

image
image440×365 49.4 KB

or by the “hamburger” menu
image
image567×630 94.4 KB

@SteveKo

I updated the QTS SSL Certificate to V2.2.60
But i still have the same issue

image
image448×152 5.93 KB

Means authenfication fails, could you check the DNS server and that the port 80 is working.
The port 80 and 443 is open and my internet box send the inbound to the QNAP IP address
I tried with my lan address and site web address but it’s the same error.
MTS

9

Sorry no idea best to open a ticket…just make very very sure to never ever expose your NAS to WAN via port forwards!

10

Hi dolbyman
Thank you for your trial.
About ticket, you’re talking about qnap support not here on forum.
When you talk about port forward. I must link the box port 80 to NAS port 80 and 433 also.
There is no other way. To secure, I changed the default port to join the NAS from outside.
If I want to access it from outside I need to link some port.
Except If, from every where I can use a VPN.

I filtered the IP address from only my country and some sites like let’s encrypt.
That’s why when I wanted to renew my certificate I stoped my firewall fo few moment
MTS

11

That kind of thing has cost millions in ransom, there is just no excuse, there is tons of VPN types(no not the type you pay for) to connect securely to your home. Or you can even use QNAP CloudLink feature (uses relay servers)
Just check the deadbolt topic [RANSOMWARE] >>READ 1st Post<< Deadbolt - QNAP NAS Community Forum

SSL certs do not protect your NAS, they authenticate traffic (above mentioned topic has people hacked, that used strong password,2FA,SSL,etc, and it did nothing, do not be part of the next wave !)