It only takes one exploit abused by a nation state threat actor and you’ll be part of the next news where 100s of thousands of NAS appliances were cryptoed with ransomware.
I would say you’re safer with Cloudflare tunnel providing you’re utilizing blacklisting on Cloudflare where only certain trusted IPs are allowed.
Your reasons why are https://www.cvedetails.com/vulnerability-list/vendor_id-11138/Synology.html?page=1&cvssscoremin=8&order=1&trc=250&sha=3d655d1befa87d00b4ee6efb440f2b83c057d878
It only takes one exploit abused by a nation state threat actor and you’ll be part of the next news where 100s of thousands of NAS appliances were cryptoed with ransomware.
I would say you’re safer with Cloudflare tunnel providing you’re utilizing blacklisting on Cloudflare where only certain trusted IPs are allowed.
For a better solution I’d ask you to look at Tailscale and their easy VPN technology. https://tailscale.com/kb/1131/synology/
Stay safe out there.
Signed, Your friendly cybersecurity leader