Block certain device from Internet

@user_222646 We aren't able to advise on how to set this up as it is beyond our scope of support. However, since you have concerns about internet security you may want to contact our CSA team. They won't be able to advise how to isolate your NAS from the internet, but they can look into the attacks. Their contact information can be found here.

Did open ports in your firewall for your NAS with port forwarding so you can access it remotely?  Or any other port for that matter?

Did you enable a DMZ and assign the NAS there?  What model NAS is this?  Perhaps an example of an attack, or failed login on it would help explain too.

Yeah, OK.  There's some issues with the product.  This is it for documentation. 

https://www.synology.com/en-us/support/download/DS216j?version=7.2#docs 

I would direct the question to this company instead.  My concerns?

You bought a product that connects to a cloud server instance -- you don't control.  Your data is located....well, you don't know that either.  And manage it with a phone app, the least secure device you own, that runs a service other things can connect to via that cloud instance, using security you can't audit.  It's also not documented how they are doing security, there are no data storage-on-disk-encryption claims, so you can assume your data is an open book when they have a data breach.  It also appears there's no way to run "stand alone", isolated, on a local LAN, and NOT run that connection to the cloud server instance and still remain functional, or if there is, that isn't documented either.

I'd be extremely leery of these types of products, or any product that requires you to use a phone app to control it, or that won't run "stand alone", and also any product that does not have a full user manual.  I certainly wouldn't put any critical, financial or personal data on it.