# Synology Snapshot Admin Firewall and Reverse Proxy Table

Use these values for the first POC.

## Reverse proxy rule

| Field | Value |
|---|---|
| Rule name | `snapshot-admin` |
| Source protocol | `HTTPS` |
| Source hostname | `admin.example.com` |
| Source port | `443` |
| Source path | `/` |
| Destination protocol | `HTTP` |
| Destination hostname | `127.0.0.1` |
| Destination port | `8787` |

## Firewall rules

| Rule | Action | Source | Destination | Port |
|---|---|---|---|---|
| Reverse proxy public entry | Allow | WAN or trusted public CIDR | NAS | `443/TCP` |
| Raw service port | Deny | WAN | NAS | `8787/TCP` |
| Optional office/VPN allowlist | Allow | Office/VPN CIDR only | NAS | `443/TCP` |

## Certificate

| Field | Value |
|---|---|
| Type | TLS certificate |
| Hostname | `admin.example.com` |
| Binding | Reverse proxy rule `snapshot-admin` |

## Notes

- Keep `8787/TCP` private.
- Keep Basic Auth enabled in the Python service.
- Use `127.0.0.1` for the backend destination unless you are explicitly testing direct bind mode.
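
The loopback-only requirement in the notes can be checked on the NAS by looking at which address `8787/TCP` is actually bound to. The script below is an added example, not part of the original POC; it assumes `ss -ltn`-style listings, and the sample listings and function names are constructed for illustration.

```python
import ipaddress

# Constructed samples of `ss -ltn` output (not captured from a real NAS).
SAMPLE_OK = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:8787      0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       511     [::]:443            [::]:*
"""

SAMPLE_DIRECT_BIND = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8787        0.0.0.0:*
LISTEN  0       128     [::1]:8787          [::]:*
LISTEN  0       511     *:443               *:*
"""


def split_local(field):
    """Split an ss local-address field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
    return host, port


def is_loopback(host):
    """True only for loopback addresses; wildcards and LAN IPs are False."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or unparseable host: fail closed, treat as exposed


def audit_backend_bind(ss_output, port=8787):
    """Return local addresses where `port` listens beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        host, p = split_local(cols[3])
        if p == str(port) and not is_loopback(host):
            exposed.append(cols[3])
    return exposed


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("direct-bind", SAMPLE_DIRECT_BIND)):
        print(name, audit_backend_bind(sample) or "8787 is loopback-only")
```

On the NAS, pass the real output of `ss -ltn` instead of the samples; a non-empty result means the service is bound beyond loopback and only the firewall rule is keeping `8787/TCP` private.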