Situation: The client has Synology 1618. They can’t open Package Center: with this message: “connection failed. please check your network and time settings”
Troubleshooting: on Paloalto Firewall Monitor, we find the traffic to 52.114.x.x was denied by security policy. IP locator points the IP located in Taiwan, which the firewall blocks.
The resolution is excluding the IP address to the policy. This is the step by step video.
How to unblock a country in Outbound block policy in Palo Alto Firewall
Or add Synology website into Security policy. Please refer to this post:
How to allow accessing blocked countries’ URL in paloalto firewall
Other resolution found online.
Resolution 1: Based on Synology:
1. Please make sure the DNS Server and Gateway settings are properly configured on Diskstation. You can set up DNS server to 8.8.8.8 or 8.8.4.4 (Google’s public Server) in Control Panel > Network.
Usually, the gateway should be your router’s IP address, we suggest to use a Public DNS server instead of your Router.
2. Please go to Control Panel > Network > Network Interface > edit > IPv6, change the setting from “Auto” to “Disable”;
3. Please go to Control Panel > Network > Network Interface > edit > IPv4, change the setting from “DHCP” to “Manual”;
Make sure the MTU value for the interface is the default one : 1500.
4. Please go to DSM > Control Panel > Regional Options and make sure the time sync with NTP service is right.”
It may take a few hours to fix the problem. Or you can restart Synology.
Resolution 2: corporate SSL settings
This problem may also be caused by corporate SSL proxies. You can check this with curl https://payment.synology.com/api/getPackageListv1.php (from the shell prompt on your NAS). The error will be obvious. To fix it, you need to add your proxy certificate chain to /etc/ssl/certs/ca-certificates.txt. BE CAREFUL NOT TO OVERWRITE IT!
For completeness, you’re supposed to place the individual CA certificates in the chain in /usr/share/ca-certificates. I created a “work” subdirectory. Then symlink those certificates (ending in .crt) to /etc/ssl/certs (ending in .pem). Lastly, cat Company*.pem >> /etc/ssl/certs/ca-certificates.txt (assuming all your certs begin with “Company”). Note the use of >> in the command. This appends, while a single > will overwrite (not good).
Package Center will need to be relaunched to clear the error.
Resolution 3: I ended up fixing my issue by updating my DDNS certificate.
I went to “Control Panel=>Security=>Certificate” then right clicked my DDNS certificate and clicked “Renew certificate”.
Prior to this I tried all the suggestions (manually set DNS to Google, updated time, etc).
Resolution 4: from Synology support: Please be aware that if you have firewall rules which might be blocking IP address, via Geo location we would like for you to disable this feature for sites in the Taiwan area. As this is the location of our Headquarters and Package Server location. If you have any special firewall rules on your NAS, Control Panel>Security>Firewall. We would recommend disabling these temporarily while you test the connection for Package Center.
