I do not know details of a Rockstctor implementation in NAS or Cloud server. I am looking for a solution that allows me to provide a storage area for my customers to access, read and record files from anywhere on the internet. I believe that Rockstor meets my needs, am I correct?
However, I have concerns about security. My network has a Fortigate 100e router as gateway and internet access.
I would like to know if it is possible to redirect all customer access to the server in the Fortigate? I would not like customers to be able to see the others servers and stations of the network.
Other doubts.
What are the TCP doors used by the Rockstor (NAS or Cloud)?
Is it possible to redirect the traffic of these doors in the Fortigate?
Can an external web or app application access this area safely?
Rockstor has primarily been designed with a bare-metal installation on physical hardware in mind, and connections to it within a local network.
Of course you do have the option to set it up as a VM with VM disks for storage (on a cloud server or on local hardware, too), but the original idea of this project only considered that for testing. Worth a try.
Of course, one can access the Rockstor appliance from the public internet, if so desired. The WebUI can be made accessible through a firewall (redirect to the https port of the Rockstor server, however you then also want to install some certificates to make the connection secure, at least from the outside).
However, for your users the access to the data is much more important than the WebUI, since that is for administration and not direct interaction in terms of performing storage transactions (read/write/modify).
the only approach I can think of, is that you set up a VPN server (tailscale built-in which uses WireGuard as the underlying technology, or the Wireguard Rockon which is docker based) to essentially provide a secure tunnel for the users to access network shares (SMB or NFS for example). Tailscale/Wireguard is very lightweight and currently considered pretty secure.
In terms of isolation from other servers on your network, you probably would want to place Rockstor in its own subnet/network and restrict the traversing across networks, which I assume Fortigate has no issue to set up for.
To your question on external web/apps, if they can connect to SMB (or NFS) shares within a tunnel, then yes. You could set up sftp shares as well, but that might not be what your user requirements are.
Hope that helps, may be someone else has a more differentiated viewpoint on this.
Fundamentally, you can of course look into OwnCloud or something similar where you can probably host in the way you’re looking for. That could be based on a Rockstor setup (with the appropriate docker-based Rockon for example) or investigate how you can run that off a cloud server …