UI Reference Guide

This book contains descriptions of the various screens and fields available in the TrueNAS User Interface.

Welcome to the TrueNAS CORE UI Reference Guide!

This document shows and describes each screen and configurable option contained within the TrueNAS web interface. The document is arranged in a parallel manner to the TrueNAS web interface, beginning with the top panel and then descending through each option displayed in the web interface left side menu. To display this document in a linear HTML format, export it to PDF, or physically print it, please select ⎙ Download or Print.

⎙ Download or Print: View all CORE UI Reference content as a single page for download or print.

Top Menu: Reference documentation for the options panel that displays at the top of the TrueNAS UI.

Task Manager: Displays a list of tasks performed by your TrueNAS.
Alert Notifications: Displays system alerts and provides options to dismiss or reopen dismissed alerts on your TrueNAS.
Interface Preferences: Displays a list of general preferences for your TrueNAS.

Dashboard: CORE Dashboard reference.

Accounts: CORE UI User and Group screens documentation.

Groups: Describes the fields on the Groups screen in TrueNAS CORE.
Users: Describes the fields on the Users screens in TrueNAS CORE.

System: Reference documentation for the screens within the System menu option.

General: Describes the fields for the general system settings for TrueNAS CORE.
NTP Servers: Describes the fields for the NTP Server Settings screen on TrueNAS CORE.
Boot: Provides information about the Boot screen for the TrueNAS CORE.
Advanced: Describes the System > Advanced screen on TrueNAS CORE.
Email: Describes the Email screen on TrueNAS CORE.
System Dataset: Describes the System Dataset screen on TrueNAS CORE.
Reporting: Contains information about the Reporting screen on TrueNAS CORE.
Alert Services: Describes the fields on the Alert Services screen on TrueNAS CORE.
Alert Settings: Describes the Alert Settings screen on TrueNAS CORE.
Cloud Credentials: Describes the fields in the Cloud Credentials screen in TrueNAS CORE.
SSH Connections: Describes the SSH screen fields on TrueNAS CORE.
SSH Keypairs: Describes the SSH Keypair screen on TrueNAS CORE.
Tunables: Describes the Tunable screen fields on TrueNAS CORE.
Update: Describes the fields in the Update screen in TrueNAS CORE.
CAs: Describes the Certificate Authorities screen settings and functions.
Certificates: Explains the fields located on the Certificates screen in TrueNAS CORE.
ACME DNS: Describes the fields in the Add ACME DNS Authenticators screen on TrueNAS CORE.
Support: Describes the Support screen on TrueNAS CORE.
2FA (Two-Factor Authentication): Describes the Two-Factor Authentication User Settings screen on TrueNAS CORE.

Tasks: Reference documentation of screens within the Tasks menu option.

Cron Jobs: Describes the fields on the Cron Jobs screen on TrueNAS CORE.
Init/Shutdown Scripts: Explains the fields on the Init/Shutdown Script screen on TrueNAS CORE.
Rsync Tasks: Provides information about the Rsync Tasks screen on TrueNAS CORE.
S.M.A.R.T. Tests: Describes the fields on the S.M.A.R.T. Test screen on TrueNAS CORE.
Periodic Snapshot Tasks: Defines the fields in the Periodic Snapshot Tasks Screen on TrueNAS CORE.
Replication Tasks: Decribes the fields on the Replication Tasks screen for TrueNAS CORE.
Resilver Priority: Describes the Resilver Priority screen on TrueNAS CORE.
Scrub Tasks: Describes the fields on the Scrub Task screen on TrueNAS CORE.
Cloud Sync Tasks: Describes the Cloud Sync Tasks screen on TrueNAS CORE.
Advanced Scheduler: Describes the fields in the Advanced Scheduler in TrueNAS CORE.

Network: Reference documentation of the various Network menu screens.

Interfaces Screen: Describes the fields in the Network Interface screen on TrueNAS CORE.
Network Summary Screen: Describes the fields in the Network Summary screen in TrueNAS CORE.
Global Configuration Screen: Describes how to use the Global Configuration screen in TrueNAS CORE.
Static Routes Screen: Describes the Static Routes screen in TrueNAS CORE.
IPMI Screen: Describes the fields on the IPMI screen in TrueNAS CORE.

Storage: Reference documentation for the various screens within the Storage menu option.

Pools: Lists the screens related to Pools in TrueNAS CORE.
Snapshots Screens: Describes the Snapshots screens on TrueNAS CORE.
VMware-Snapshots Screen: Describes the fields in the VMware Snapshot screen on TrueNAS CORE.
Disks Screens: Describes the fields in the Disk Screens in TrueNAS CORE.

Directory Services: Reference documentation of the Directory Services screens.

Active Directory Screen: Use the AD screen to configure Active Directory (AD) on TrueNAS CORE.
Idmap Screen: Use the Idmap screen to configure Identity Mapping (Idmap) on TrueNAS CORE.
LDAP Screen: Use the LDAP screen to configure Lightweight Directory Access Protocol (LDAP) server settings on TrueNAS CORE.
NIS Screen: Use the NIS screen to configure Network Information System (NIS) on TrueNAS CORE.
Kerberos Screens: Use the Kerberos screen to configure to configure Kerberos realms and keytabs on TrueNAS CORE.

Sharing: Reference documentation for all screens within the Sharing menu option.

AFP Share Screen: Provides information about the AFP Share screen in TrueNAS CORE.
Block Shares (iSCSI): Provides information about iSCSI terminology and configuration for TrueNAS CORE.
NFS Share Screen: Use the NFS share screen to configure Network File System (NFS) shares on your TrueNAS.
WebDAV Screen: Use the Sharing WebDAV screen to configure Web Distributed Authoring and Versioning (WebDAV) on your TrueNAS.
SMB Share Screen: Desctibes the SMB sharing screen in TrueNAS CORE

Services: Provides information on the Services screen and lists other services UI reference articles.

AFP Screen: Describes the AFP screen in TrueNAS CORE.
Dynamic DNS Screen: Describes the DDNS screen in TrueNAS CORE.
FTP Screen: Describes the FTP screen in TrueNAS CORE.
LLDP Screen: Describes the LLDP screen in TrueNAS CORE.
NFS Screen: Describes the NFS screen in TrueNAS CORE.
OpenVPN Screen: Describes the OpenVPN screen in TrueNAS CORE.
S.M.A.R.T. Screen: Describes the S.M.A.R.T. screen in TrueNAS CORE.
S3 Screen (deprecated): Describes the S3 screen in TrueNAS CORE. This service is deprecated.
SMB Service Screen: Describes the SMB screen in TrueNAS CORE.
SNMP Screen: Describes the SNMP screen in TrueNAS CORE.
SSH Screen: Describes the SSH screen in TrueNAS CORE.
TFTP Screen: Describes the TFTP screen in TrueNAS CORE.
UPS Screen: Describes the UPS screen in TrueNAS CORE.
WebDAV Services Screen: Describes the WebDAV screen in TrueNAS CORE.

Jails, Plugins and Virtual Machines (Obsolete): Reference documentation for the obsolete Jails, Plugins, and Virtual Machines screens.

Jails Screens (Obsolete): Describes the fields in the obsolete Jails screen in TrueNAS 13.3.
Virtual Machines (Obsolete): Describes the fields in the obsolete Virtual Machines screen in TrueNAS 13.3.
Plugins Screens (Obsolete): Describes the obsolete Plugins screen in TrueNAS 13.3.

Reporting: Contains information about the graphs displayed on the Reporting screen in TrueNAS CORE.

Top Menu

Across the top row are links to outside resources and buttons to control the system.

The options described from left to right:

Logos and Side Panel Controls
Status Icons
Task Manager
Alerts
Settings
Power

Click the links above to jump to the sections with details on these top toolbar options.

Logos and Side Panel Controls

The logo in the upper-left corner shows the installed TrueNAS software. Clicking the image takes you to the system Dashboard.

The next two buttons control how the side menu displays. Click the (menu icon) to hide or show the entire left side panel. Click the (chevron left icon) to collapse the left side panel to shortcut icons or expand to show icons and text.

Click the iXsystems logo to open the iXsystems corporate website in a new browser tab.

Status Icons

The remaining icons in the top menu show various statuses. They also provide system options.

The icon next to the iXsystems logo shows TrueCommand Cloud connection options. Clicking the icon shows options for signing up for TrueCommand Cloud. It also displays options for connecting/disconnecting from TrueCommand Cloud. When the system is not connected to TrueCommand Cloud the options are not available. The icon appears but is gray in color.

TrueNAS Enterprise compatible hardware has a (cloud with HA text) icon that shows the current status of High Availability (HA) on the system. A checkmark () cloud icon indicates HA is functional. An on top of the cloud icon indicates HA disabled or otherwise unavailable.

Task Manager

The (clipboard icon) is the system Task Manager. Click the icon to show a list of running or completed TrueNAS tasks. Tasks are sortable by their success or error State, task Method, and Progress. Typing text in the Filter field shows tasks that match the characters typed into the field. Clicking an entry shows more details about that task. This includes start and end timestamps.

Alerts

The (bell icon) contains system notification messages. The icon changes to when TrueNAS creates a new alert. Clicking the icon slides out a panel from the right side of the screen that lists each alert. Dismiss or reopen alerts in this panel. Dismissing an alert does not prevent it from recurring. TrueNAS might create a new alert if the alert conditions continue to exist on the system. Configure the alert system in System > Alert Settings.

Settings

The (gear icon) contains links to various system specific options.

Change Password is a shortcut for changing the administrator (root) account password. Password required to log in to the TrueNAS web interface. Back up or otherwise memorize the updated password when changing it.

Preferences contains theme and other visual options for the web interface:

Preferences Options

Name	Description
Choose Theme	Select a preferred theme from the dropdown list. There are several built-in themes designed for light and dark modes. High contrast viewing options of the web interface are also listed.
Prefer buttons with icons only	Select to preserve screen space using icons and tooltips instead of text labels.
Enable Password Toggle	Select to display an eye icon next to password fields. Clicking the icon reveals the password.
Reset Table Columns to Default	Select to reset all tables to display system default table columns.
Retro Logo	Select to revert branding back to FreeNAS.
Reset All Preferences to Default	Select to reset all user preferences to their default values. Preserves custom themes.
Update Preferences	Click to save changes to the General Preferences.

Click Create New Theme on this screen to create and manage custom themes.

API Keys opens the API Keys screen where you can create or view API keys on the system. Click Add to create a new API key. Click Docs to open the API documentation for the current release.

About opens the TrueNAS CORE looking for help widget. This same widget is available on the system Dashboard, and provides links to the TrueNAS Documentation, community forum, TrueNAS CORE Enterprise web sites.

Power

The (power icon) has the options for changing the system state.

Log Out exits the web interface and shows the login screen. The system remains powered on.

Restart initiates a power cycle. The web interface closes. Discontinues power to the system which is then re-enabled. The login screen appears when the boot cycle completes.

Shut Down exits the web interface. The process to safely discontinue power to the system begins. The system remains offline until the power situation corrects.

Alert Notifications: Displays system alerts and provides options to dismiss or reopen dismissed alerts on your TrueNAS.

Interface Preferences: Displays a list of general preferences for your TrueNAS.

Task Manager: Displays a list of tasks performed by your TrueNAS.

Task Manager

The Task Manager displays a list of tasks performed by the TrueNAS system. It starts with the most recent. Click the to open the Task Manager.

TaskManager

Name	Description
Filter	Search function to locate or filter the list for a particular running task.
View Logs	Tasks with log file output have a View Logs button to show the log files.
State	Column header for tasks that shows the current condition of the task. Indicates whether the task completed or is still in progress. Click State to sort by this column.
Method	Column header for tasks that indicates both the name of the task and the method used. Click Method to sort by this column.
Progress	Column header for tasks that indicates the progress of the the task. Measured by percentage from start to completion. Click Progress to sort by this column.
CLOSE	Closes the Task Manager dialog. Click anywhere off the dialog or use the `Esc` to close this dialog.

Alert Notifications

The Alert Notifications panel displays system alerts. It provides options to dismiss or reopen dismissed alerts on your TrueNAS.

AlertsPanel

Alerts Panel Options

Name	Description
Dismiss	Dismisses a single alert.
Re-Open	Re-opens a recently dismissed alert.
Dismiss All Alerts	Dismisses all alerts.
Re-Open All Alerts	Displays at the bottom of the panel if you dismiss more than one alert. Click to re-open all dismissed alerts if they are still active.

Alert Levels

Level	Icon
Notification
Warning
Critical
One-shot Critical

Interface Preferences

There are a few adjustable interface preferences. Also included is a built-in theme editor for creating your own TrueNAS color schemes.

To access user preferences, click > Preferences. This page has options to adjust global settings in the web interface. There are also options to manage custom themes and create new themes.

InterfacePreferences

General Preferences

Name	Description
Choose Theme	Select a preferred theme from the dropdown list. Pre-built and custom themes are visible here.
Prefer buttons with icons only	Select checkbox to preserve screen space. Displays icons and tooltips instead of text labels.
Enable Password Toggle	Select the checkbox to make an eye icon appear next to password fields. Click the icon to reveal the password.
Reset Table Columns to Default	Select the checkbox to reset the display of all table columns as the system default.
Retro Logo	Select the checkbox to revert branding back to FreeNAS.
Reset All Preferences to Default	Select the checkbox to reset all user preferences to their default values. Does not reset custom themes.
UPDATE PREFERENCES	Click the button to apply the current checkbox settings to the web interface.

Manage Custom Themes

Name	Description
theme name (variable)	Use the checkbox to select a custom theme if listed.
DELETE SELECTED	Click the button to remove each selected custom theme from the system.
CREATE NEW THEME	Click the button to open the theme editor.

Custom Theme Editor

Preferences Custom Theme

Create Theme

Name	Description
Load colors from existing theme	Select the theme option from the dropdown list. Imports settings into the Create Theme and Preview tabs.
GENERAL	Click to display the GENERAL tab with the primary options for a new theme.
COLORS	Click to display the COLORS tab with color options for a new theme.
PREVIEW	Click to display the PREVIEW tab. The PREVIEW updates to reflect current selections.

GENERAL

Name	Description
Custom Theme Name	Enter a name to identify the new theme.
Menu Label	Enter a short name to use in the TrueNAS web interface menus.
Description	Enter a short description of the new theme.
Choose Primary	Select a generic color from the dropdown list to use as the primary theme color. Or import a specific color setting.
Choose Accent	Select a generic color from the dropdown list to use as the accent color for the theme. Or import a specific color setting.
Choose Topbar	Select a color from the dropdown list to use as the color for the top menu bar in the web interface.
SUBMIT	Click to save the current selections and create the new theme.
CANCEL	Click to return to the Preferences screen without creating a new theme.

COLORS

Name	Description
Background 1	Click on the color swatch or enter a hex value. This value applies to the bg1 option in the GENERAL tab.
Background 2	Click on the color swatch or enter a hex value. This value applies to the bg2 option in the GENERAL tab.
Foreground 1	Click on the color swatch or enter a hex value. This value applies to the fg1 option in the GENERAL tab.
Foreground 2	Click on the color swatch or enter a hex value. This value applies to the fg2 option in the GENERAL tab.
Alt Background 1	Click on the color swatch or enter a hex value. This value applies to the alt-bg1 option in the GENERAL tab.
Alt Background 2	Click on the color swatch or enter a hex value. This value applies to the alt-bg2 option in the GENERAL tab.
Alt Foreground 1	Click on the color swatch or enter a hex value. This value applies to the alt-fg1 option in the GENERAL tab.
Alt Foreground 2	Click on the color swatch or enter a hex value. This value applies to the alt-fg2 option in the GENERAL tab.
Yellow	Click on the color swatch or enter a hex value. This value applies to the yellow option in the GENERAL tab.
Orange	Click on the color swatch or enter a hex value. This value applies to the orange option in the GENERAL tab.
Red	Click on the color swatch or enter a hex value. This value applies to the red option in the GENERAL tab.
Magenta	Click on the color swatch or enter a hex value. This value applies to the magenta option in the GENERAL tab.
Violet	Click on the color swatch or enter a hex value. This value applies to the violet option in the GENERAL tab.
Blue	Click on the color swatch or enter a hex value. This value applies to the blue option in the GENERAL tab.
Cyan	Click on the color swatch or enter a hex value. This value applies to the cyan option in the GENERAL tab.
Green	Click on the color swatch or enter a hex value. This value applies to the green option in the GENERAL tab.
SUBMIT	Click the button to save the current selections and create the new theme.
CANCEL	Click the button to return to the Preferences screen without creating a new theme.

PREVIEW

Name	Description
Global Preview	Color selections display in the PREVIEW. Click the toggle to turn the display of the PREVIEW widget on or off.

Preview

Name	Description
Buttons	This tab shows examples of web interface buttons. The buttons display with the current theme settings applied.
Forms	This tab shows examples of web interface form options. The options display with the current theme settings applied.

Dashboard

The web interface dashboard provides system details and shortcuts to various configuration screens.

DashboardCORE

Dashboard Cards

Card	Description
System Information	Shows simple system-level information about TrueNAS, including hardware name (with compatible systems), TrueNAS version, system hostname, and system uptime. Includes a button to update the installed version of TrueNAS.
CPU	Shows current CPU utilization and heat (with compatible hardware). Includes a shortcut icon to the in-depth CPU reporting screen.
Memory	Shows total memory available to the system and the current breakdown of memory usage. Includes a shortcut icon to the in-depth memory utilization screen.
Pool	Shows details about a configured storage pool. One card is created for each storage pool on the system. Includes shortcut icons to the pool configuration and statistics screens.
Interface	Shows details about system network interfaces, including current status and configuration details. Includes shortcut icons to the interface configuration and statistics screens.
TrueNAS Help	Contains links to verious documentation and assistance portals.

Accounts

This section has articles documenting the TrueNAS local User and Group screens.

Accounts Contents

Groups: Describes the fields on the Groups screen in TrueNAS CORE.

Users: Describes the fields on the Users screens in TrueNAS CORE.

Groups

The Groups screen lets you create and manage UNIX-style groups.

Groups List

UIRefGroupsList

Name	Description
Filter Groups	Filters groups by keyword.
COLUMNS	Lets users display/hide list columns.
ADD	Opens the Group Configuration form
	Displays/hides built-in groups
Group	Group name.
GID	Group ID number.
Builtin	Whether or not the group is built-in.
Permit Sudo	Whether or not the group has Permit Sudo enabled.
Samba Authentication	Whether or not the group has Samba Authentication enabled.

Groups Configuration

Fields with an * must be configured to submit or change the UI configuration.

UIRefGroupsAdd

Name	Description
GID	A unique number used to identify a Unix group.
Name	Descriptive name for the group.
Permit Sudo	Allows group members to act as the root account with sudo. Group members are prompted for their password when using sudo.
Samba Authentication	Allows group to be used for Samba permissions and authentication.
Allow Duplicate GIDs	Allows more than one group to have the same group ID.

Users

The Users screen lets you create and manage user accounts.

Users List

UIRefUsersList

Name	Description
Filter Users	Filters users by keyword.
COLUMNS	Lets users display/hide list columns. Username, UID, Builtin, and Full Name are default.
ADD	Opens the User ID and Groups form
	Displays/hides built-in users
Username	Descriptive name for the user.
UID	User ID number.
Builtin	Whether or not the user is built-in.
Full Name	Shows the saved Full Name of the account.

User Configuration

Fields with an * must be configured to submit or change the UI configuration.

UIRefUsersAdd

Identification

Name	Description
Full Name	Descriptive name for the user.
Username	User login name.
Email	User email address.
Password	User login password.
Confirm Password	Re-enter user password.

User ID and Groups

Name	Description
User ID	A unique number used to identify a user.
New Primary Group	Creates a new group with the same name as the user.
Primary Group	Primary group to add the user to.
Auxiliary Groups	Additional groups to add the user to.

Directories and Permissions

Name	Description
Home Directory	Path to the user home directory.
Home Directory Permissions	Default user home directory Unix permissions.

Authentication

Name	Description
SSH Public Key	Public SSH key for key-based authentication.
Disable Password	Enables/Disables password field.
Shell	The shell to use for local and SSH logins.
Lock User	Prevents user from logging in or using password-based services.
Permit Sudo	Enable or disable issuing commands as the root account with `sudo`.
Microsoft Account	Allows Windows authentication methods.
Samba Authentication	Lets users authenticate to Samba shares.

System

The TrueNAS CORE web interface System section has numerous features related to configuring the system and integrating it with specific environments or external accounts.

System Content

General: Describes the fields for the general system settings for TrueNAS CORE.

NTP Servers: Describes the fields for the NTP Server Settings screen on TrueNAS CORE.

Boot: Provides information about the Boot screen for the TrueNAS CORE.

Advanced: Describes the System > Advanced screen on TrueNAS CORE.

Email: Describes the Email screen on TrueNAS CORE.

System Dataset: Describes the System Dataset screen on TrueNAS CORE.

Reporting: Contains information about the Reporting screen on TrueNAS CORE.

Alert Services: Describes the fields on the Alert Services screen on TrueNAS CORE.

Alert Settings: Describes the Alert Settings screen on TrueNAS CORE.

Cloud Credentials: Describes the fields in the Cloud Credentials screen in TrueNAS CORE.

SSH Connections: Describes the SSH screen fields on TrueNAS CORE.

SSH Keypairs: Describes the SSH Keypair screen on TrueNAS CORE.

Tunables: Describes the Tunable screen fields on TrueNAS CORE.

Update: Describes the fields in the Update screen in TrueNAS CORE.

CAs: Describes the Certificate Authorities screen settings and functions.

Certificates: Explains the fields located on the Certificates screen in TrueNAS CORE.

ACME DNS: Describes the fields in the Add ACME DNS Authenticators screen on TrueNAS CORE.

Support: Describes the Support screen on TrueNAS CORE.

2FA (Two-Factor Authentication): Describes the Two-Factor Authentication User Settings screen on TrueNAS CORE.

General

System General

GUI

Name	Description
GUI SSL Certificate	The system uses a self-signed certificate to enable encrypted web interface connections. To change the default certificate, select a different certificate that was created or imported in the Certificates menu.
Web Interface IPv4 Address	Choose a recent IP address to limit the usage when accessing the administrative GUI. The built-in HTTP server binds to the wildcard address of 0.0.0.0 (any address) and issues an alert if the specified address becomes unavailable.
Web Interface IPv6 Address	Choose a recent IPv6 address to limit the usage when accessing the administrative GUI. The built-in HTTP server binds to the wildcard address of 0.0.0.0 (any address) and issues an alert if the specified address becomes unavailable.
Web Interface HTTP Port	Allow configuring a non-standard port to access the GUI over HTTP. Changing this setting might require changing a Firefox configuration setting.
Web Interface HTTPS Port	Allow configuring a non-standard port to access the GUI over HTTPS.
HTTPS Protocols	Cryptographic protocols for securing client/server connections. Select which Transport Layer Security (TLS) versions TrueNAS can use for connection security.
Web Interface HTTP -> HTTPS Redirect	Redirect HTTP connections to HTTPS. A GUI SSL Certificate is required for HTTPS. Activating this also sets the HTTP Strict Transport Security (HSTS) maximum age to 31536000 seconds (one year). This means that after a browser connects to the web interface for the first time, the browser continues to use HTTPS and renews this setting every year.

Localization

Name	Description
Language	Select a language from the drop-down menu.
Date Format	Choose a date format.
Console Keyboard Map	Select a keyboard layout.
Timezone	Select a time zone.
Time Format	Choose a time format.

Other Options

Name	Description
Crash reporting	Send failed HTTP request data which can include client and server IP addresses, failed method call tracebacks, and middleware log file contents to iXsystems.
Usage collection	Enable sending anonymous usage statistics to iXsystems.

SAVE CONFIG: Saves a backup copy of the current configuration database in the format hostname-version-architecture.

UPLOAD CONFIG: Browse to a previously saved configuration file to restore that configuration.

RESET CONFIG: Reset the configuration database to the default base version.

NTP Servers

SystemNTPServersAdd

NTP Server Settings

Name	Description
Address	Enter the hostname or IP address of the NTP server.
Burst	Recommended when Max. Poll is greater than 10. Only use on personal NTP servers or those under direct control. Do not enable when using public NTP servers.
IBurst	Speeds up the initial synchronization (seconds instead of minutes).
Prefer	Should only be used for highly accurate NTP servers such as those with time monitoring hardware.
Min Poll	The minimum polling interval, in seconds, as a power of 2. For example, 6 means 2^6, or 64 seconds. The default is 6, minimum value is 4.
Max Poll	The maximum polling interval, in seconds, as a power of 2. For example, 10 means 2^10, or 1,024 seconds. The default is 10, maximum value is 17.
Force	Forces the addition of the NTP server, even if it is currently unreachable.

Boot

UIRefBootScreen

Name	Description
Actions	Lets users add boot environments and check their stats/settings, as well as manage and scrub the boot pool.
Name	The name of the boot entry as it appears in the boot menu.
Active	Indicates which entry boots by default if a boot environment is not active.
Created	Indicates the boot environment creation date and time.
Space	Shows boot environment size.
Keep	Indicates whether or not TrueNAS deletes this boot environment when a system update does not have enough space to proceed.

Advanced

System > Advanced contains advanced options for configuring system settings.

These options have reasonable defaults in place. Make sure you are comfortable with ZFS, FreeBSD, and system configuration backup and restoration before making any changes.

SystemAdvancedSyslogTransportTLS

Console

Name	Description
Show Text Console without Password Prompt	Unset to add a login prompt to the system before the console menu is shown.
Enable Serial Console	Do not set this if the Serial Port is disabled. Serial Port and Serial Speed show when this is set.
Serial Port	When Enable Serial Console is set, the available serial port hex addresses are 0x2F8 or 0x3f8.
Serial Speeds	When Enable Serial Console is set, the available serial speeds the serial port can use are 9600 bps, 19200 bps, 38400 bps, 57600 bps, or 115200bps.
MOTD Banner	The message to show when a user logs in with SSH.

Storage

Name	Description
Swap Size in GiB	(CORE only) By default, all data disks are created with the amount of swap specified. Changing the value does not affect the amount of swap on existing disks, only disks added after the change. Does not affect log or cache devices as they are created without swap. Setting to 0 disables swap creation completely. STRONGLY DISCOURAGED
LOG (Write Cache) Overprovision Size in GiB	Overprovisioning a ZFS Log SSD can increase its performance and lifespan by distributing writes and erases across more drive flash blocks. Defining a number of GiB here overprovisions ZFS Log disks during pool creation or extension. Examples: 50 GiB, 10g, 5GB

GUI

Name	Description
Show Console Messages	Display console messages in real time at the bottom of the browser.
Show Advanced Fields by Default	Set to always show advanced fields, when available.

Kernel

Name	Description
Enable Autotune	Activates a tuning script which attempts to optimize the system depending on the installed hardware. Warning: Autotuning is only used as a temporary measure and is not a permanent fix for system hardware issues.
Enable Debug Kernel	Set to boot a debug kernel after the next system reboot.

Self-Encrypting Drive

Name	Description
ATA Security User	User passed to camcontrol security -u to unlock SEDs.
SED Password	Global password to unlock SEDs.

Syslog

Name	Description
Use FQDN for Logging	Set to include the Fully-Qualified Domain Name (FQDN) in logs to precisely identify systems with similar host names.
Syslog Level	When Syslog Server is defined, only logs matching this level are sent.
Syslog Server	Remote syslog server DNS host name or IP address. Add a colon and the port number to the host name to use nonstandard port numbers. For example: mysyslogserver:1928. Log entries are written to local logs and sent to the remote syslog server.
Syslog Transport	Transport Protocol for the remote system log server connection. Selecting Transport Layer Security (TLS) also requires selecting a preconfigured system certificate and certificate authority.
Syslog TLS Certificate	Select the preconfigured system certificate to use for authenticating the TLS protocol connection to the remote system log server from the dropdown list.
Syslog TLS Certificate Authority	The preconfigured system certificate authority to use for authenticating the TLS protocol connection to the remote system log server from the dropdown list.

Replication

Name	Description
Replication Tasks Limit	Limit the maximum number of replication tasks the system can execute simultaneously.

SAVE DEBUG generates text files that contain diagnostic information.

Email

General Options

General Options

Name	Description
From Email	The user account Email address for the From email address. You must configure the user account Email in Accounts > Users first.
From Name	The friendly name to show in front of the sending email address. Example: Storage System 01it@example.com

Send Mail Method

Name	Description
SMTP	Shows SMTP configuration options.
GMail OAuth	Shows GMail authentication options.

Send Mail Method

SMTP

System Email SMTP Options

Name	Description
Outgoing Mail Server	Hostname or IP address of SMTP server used for sending email.
Mail Server Port	SMTP port number. Typically 25/465 (secure SMTP), or 587 (submission).
Security	Choose an encryption type. Choices are Plain (No Encryption), SSL (Implicit TLS), or TLS (STARTTLS).
SMTP Authentication	Set when the SMTP server uses authentication credentials. Shows additional credentials options.
Username	Displays after selecing SMTP Authentication. The user name for the sending email account, typically the full email address.
Password	Displays after selecting SMTP Authentication. The password for the sending email account.

GMail OAuth

SystemEmailGMailOAuth

Name	Description
LOG IN TO GMAIL	Login to Gmail using OAuth.

System Dataset

The system dataset stores debugging core files, encryption keys for encrypted pools, and Samba4 metadata such as the user and group cache and share level permissions.

ConfigureSystemDataset

Name	Description
System Dataset Pool	Select the pool to contain the system dataset.
Syslog	Store system logs on the system dataset. Unset to store system logs in /var/ on the operating system device.

Reporting

TrueNAS has a built in reporting engine that displays helpful graphs and information about the system processes. TrueNAS uses Graphite for metric gathering and visualizations.

Configure system reporting on the System > Reporting screen.

SystemReporting

Name	Description
Graph Age in Months	Maximum time (in months) TrueNAS stores a graph. Allowed values are 1-60. Changing this value causes the Confirm RRD Destroy dialog to display. Changes do not take effect until TrueNAS destroys the existing reporting database.
Number of Graph Points	The number of points for each hourly, daily, weekly, monthly, or yearly graph. Allowed values are 1-4096. Changing this value displays the Confirm RRD Destroy dialog. Changes do not take effect until TrueNAS destroys the existing reporting database.
Reset to Defaults	Resets all entered values and settings back to defaults.

Report history is cleared after changing and saving CPU reporting, graph age, or graph points.

For information on the Reporting screen graphs see System Reporting.

Reporting data is saved and preserved across system upgrades and reboots. This allows viewing usage trends over time. This data is frequently written and should not be stored on the boot pool or operating system device. Reporting data is saved in /var/db/collectd/rrd/.

Alert Services

SystemAlertServicesAdd

Name and Type

Name	Description
Name	Name of the new alert service.
Enabled	Unset to disable this service without deleting it.
Type	Choose an alert service to display options for that service.
Level	Select the level of severity.

Authentication

AWS

Name	Description
AWS Region	Enter the AWS account region.
ARN	Topic Amazon Resource Name (ARN) for publishing. Example: `arn:aws:sns:us-west-2:111122223333:MyTopic`.
Key ID	Access Key ID for the linked AWS account.
Secret Key	Secret Access Key for the linked AWS account.

Name	Description
Email Address	Enter a valid email address to receive alerts from this system.

InfluxDB

Name	Description
Host	Enter the InfluxDB hostname.
Username	Username for this service.
Password	Enter password.
Database	Name of the InfluxDB database.
Series	InfluxDB time series name for collected points.

Mattermost

Name	Description
Webhook URL	Enter or paste the incoming webhook URL associated with this service.
Username	Mattermost username.
Channel	Name of the channel to receive notifications. This overrides the default channel in the incoming webhook settings.
Icon Url	Icon file to use as the profile picture for new messages. Example: https://mattermost.org/wp-content/uploads/2016/04/icon.png. Requires configuring Mattermost to override profile picture icons.

OpsGenie

Name	Description
API Key	Enter or paste the API key. Find the API key by signing into the OpsGenie web interface and going to Integrations/Configured Integrations. Click the desired integration, Settings, and read the API Key field.
API URL	Leave empty for default OpsGenie API.

PagerDuty

Name	Description
Service Key	Enter or paste the “integration/service” key for this system to access the PagerDuty API.
Client Name	PagerDuty client name.

Slack

Name	Description
Webhook URL	Paste the incoming webhook URL associated with this service.

SNMP Trap

Name	Description
Hostname	Hostname or IP address of the system to receive SNMP trap notifications.
Port	UDP port number on the system receiving SNMP trap notifications. The default is 162.
SNMPv3 Security Model	Enable the SNMPv3 security model.
SNMP Community	Network community string. The community string acts like a user ID or password. A user with the correct community string has access to network information. The default is public. For more information, see this helpful SNMP Community Strings tutorial.

VictorOps

Name	Description
API Key	Enter or paste the VictorOps API key.
Routing Key	Enter or paste the VictorOps routing key.

Alert Settings

System Alert Settings

Options

Name	Description
Set Warning Level	Customizes the importance of the alert. Each level of importance has a different icon and color to express the level of importance: Info, Notice, Warning, Error, Critical (Default), Alert, and Emergency.
Set Frequency	Adjust how often alert notifications are sent. Setting the Frequency to NEVER prevents that alert from being added to alert notifications, but the alert can still show in the web interface if it is triggered. Options: Immediately (Default), Hourly, Daily, and Never.

Alert Warning Levels

Level	Icon	Alert Notification?
1 INFO		No
2 NOTICE		Yes
3 WARNING		Yes
4 ERROR		Yes
5 CRITICAL		Yes
6 ALERT		Yes
7 EMERGENCY		Yes

Cloud Credentials

These providers are supported for Cloud Sync tasks in TrueNAS CORE:

OpenStack Swift
pCloud
SSH File Transfer Protocol (SFTP)
Storj iX
WebDAV
Yandex

SystemCloudCredentialsAddS3

Name and Provider

Name	Description
Name	Enter a name for the new credential.
Provider	Third-party Cloud service providers. Choose a provider to configure connection credentials.

Authentication

Amazon S3 Advanced Options

Name	Description
Endpoint URL	S3 API endpoint URL. When using AWS, the endpoint field can be empty to use the default endpoint for the region, and available buckets are automatically fetched. Refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints.
Region	AWS resources in a geographic area. Leave empty to automatically detect the correct public region for the bucket. Entering a private region name allows interacting with Amazon buckets created in that region. For example, enter us-gov-east-1 to discover buckets created in the eastern AWS GovCloud region.
Disable Endpoint Region	Select to prevent automatic detection of the bucket region. Select only if your AWS provider does not support regions.
User Signature Version 2	Select to force using Signature Version 2 to sign API requests. Select only if your AWS provider does not support default version 4 signatures.

BackBlaze B2

Name	Description
Key ID	Alphanumeric Backblaze B2 Application Key ID. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the application keyID string to this field.
Application Key	Backblaze B2 Application Key. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the applicationKey string to this field.

Box

Name	Description
Access Token	A User Access Token for Box. An access token enables Box to verify a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl.

DropBox

Name	Description
Access Token	Access Token for a Dropbox account. A token must be generated by the Dropbox account before adding it here.

FTP

Name	Description
Host	FTP Host to connect to. Example: ftp.example.com.
Port	FTP Port number. Leave blank to use the default port 21.
Username	A username on the FTP Host system. This user must already exist on the FTP Host.
Password	Password for the user account.

Google Cloud Storage

Name	Description
Preview JSON Service Account Key	Contents of the uploaded Service Account JSON file.
Choose File	Upload a Google Service Account credential file. The file is created with the Google Cloud Platform Console.

Google Drive

Name	Description
Access Token	Token created with Google Drive. Access Tokens expire periodically and must be refreshed.
Team Drive ID	Only needed when connecting to a Team Drive. The ID of the top level folder of the Team Drive.

HTTP

Name	Description
URL	HTTP host URL.

Hubic

Name	Description
Access Token	Access Token generated by a Hubic account.

Mega

Name	Description
Username	MEGA account username.
Password	MEGA account password.

Microsoft Azure Blob Storage

Name	Description
Account Name	Microsoft Azure account name.
Account Key	Base64 encoded key for Azure Account

Microsoft One Drive

Name	Description
Access Token	Microsoft Onedrive Access Token. Log in to the Microsoft account to add an access token.
Drives List	Drives and IDs registered to the Microsoft account. Selecting a drive also fills the Drive ID field.
Drive Account Type	Type of Microsoft acount. Logging in to a Microsoft account automatically chooses the correct account type. Options: Personal, Business, Document_Library
Drive ID	Unique drive identifier. Log in to a Microsoft account and choose a drive from the Drives List drop-down to add a valid ID.

OpenStack Swift

Name	Description
User Name	Openstack user name for login. This is the OS_USERNAME from an OpenStack credentials file.
API Key or Password	Openstack API key or password. This is the OS_PASSWORD from an OpenStack credentials file.
Authentication URL	Authentication URL for the server. This is the OS_AUTH_URL from an OpenStack credentials file.
Auth Version	AuthVersion - optional - set to (1,2,3) if your auth URL has no version (rclone documentation).
Authentication Advanced Options
Tenant Name	This is the OS_TENANT_NAME from an OpenStack credentials file.
Tenant ID	Tenant ID - optional for v1 auth, this or tenant required otherwise (rclone documentation).
Auth Token	Auth Token from alternate authentication - optional (rclone documentation).

Advanced Options

Name	Description
Region Name	Region name - optional (rclone documentation).
Storage URL	Storage URL - optional (rclone documentation).
Endpoint Type	Endpoint type to choose from the service catalogue. Public is recommended, see the rclone documentation.

pCloud

Name	Description
Access Token	pCloud Access Token. These tokens can expire and require extension.
Hostname	Enter the hostname to connect to.

SFTP

Name	Description
Host	SSH Host to connect to.
Port	SSH port number. Leave empty to use the default port 22.
Username	SSH Username.
Password	Password for the SSH Username account.
Private Key ID	Import the private key from an existing SSH keypair or select Generate New to create a new SSH key for this credential.

WebDav

Name	Description
URL	URL of the HTTP host to connect to.
WebDav Service	Name of the WebDAV site, service, or software being used.
Username	WebDAV account username.
Password	WebDAV account password.

Yandex

Name	Description
Access Token	Yandex Access Token.

SSH Connections

SystemSSHConnectionsAddSemiAuto

Name and Method

Name	Description
Name	Name of this SSH connection. SSH connection names must be unique.
Setup Method	Manual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system. Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys.

Authentication

Name	Description
TrueNAS URL	Hostname or IP address of the remote system. A valid URL scheme is required. Example: `https://10.231.3.76`
Username	Username for logging in to the remote system.
Password	User account password for logging into the remote system.
Private Key	Choose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection.

More Options

Name	Description
Cipher	Standard is most secure, but has the greatest impact on connection speed. Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed. Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network.
Connect Timeout	Time (in seconds) before the system stops attempting to establish a connection with the remote system.

SSH Keypairs

System SSH Keypairs Add

Name	Description
Name	A unique name to identify this keypair. Automatically generated keypairs are named after the object that generated the keypair with " Key" appended to the name.
Private Key	See Public key authentication in SSH/Authentication.
Public Key	See Public key authentication in SSH/Authentication.

Tunables

Tunables manage TrueNAS sysctls, loaders, and rc.conf options.

SystemTunablesAdd

Name	Description
Variable	Enter the name of the loader, `sysctl`, or rc.conf variable to configure. loader tunables are used to specify parameters to pass to the kernel or load additional modules at boot time. rc.conf tunables are for enabling system services and daemons and only take effect after a reboot. sysctl tunables are used to configure kernel parameters while the system is running and generally take effect immediately.
Value	Enter a value to use for the loader, sysctl, or rc.conf variable.
Type	Creating or editing a sysctl immediately updates the Variable to the configured Value. A restart is required to apply loader or rc.conf tunables. Configured tunables remain in effect until deleted or Enabled is unset.
Description	Enter a description of the tunable.
Enabled	Enable this tunable. Unset to disable this tunable without deleting it.

Update

System Update

Name	Description
Check for Updates Daily and Download if Available	Check the update server daily for any updates on the chosen train. Automatically download an update if one is available. Click APPLY PENDING UPDATE to install the downloaded update.
(Refresh)	Check for updates.
Operation	Lists operations TrueNAS performs during the update.
Name	Operation name and version comparison.
Change log	Lists software changes based on TrueNAS project JIRA tickets.

CAs

CAInternalIntermediate

Identifier and Type

Setting	Description
Name	Descriptive identifier for this certificate authority.
Type	Select the CA type from the dropdown list of options. Select Internal CA for a certificate authority that functions like a publicly-trusted CA used to sign certificates for an internal network. This CA is not trusted outside the private network. Select Intermediate CA for a CA that lives between the root and end-entity certificates. Its main purpose is to define and authorize the types of certificates requested from the root CA. Select Import CA for a CA that allows importing an existing CA onto the system. For more information, see What are Subordinate CAs and Why Would You Want Your Own?.
Profiles	Select predefined certificate extensions from the dropdown list. Options are Opentvpn Root CA and CA. Choose a profile that best matches your certificate usage scenario.

Internal and Intermediate CAs

Certificate Options

Certificate options change based on the option selected in Type.

Setting	Description
Signing Certificate Authority	(Required) Select a previously imported or created CA. Displays when Type is set to Intermediate CA.
Key Type	(Required) Select the key type from the dropdown list of options. Default is RSA. Select EC for EC curve certificates. See Why is elliptic curve cryptography not widely used, compared to RSA? for more information about key types.
Key Length	(Required) Select the number of bits in the key used by the cryptographic algorithm from the dropdown list. Options are 1024, 2048 or 4096. For security reasons, a minimum key length of 2048 is recommended.
Digest Algorithm	(Required) Select the cryptographic algorithm to use from the dropdown list of options. Only change the default SHA256 if the organization requires a different algorithm.
Lifetime	(Required) Enter the lifetime of the CA specified in days.

Certificate Subject

Setting	Description
Country	(Required) Select the country of the organization from the dropdown list.
State	(Required) Enter the state or province of the organization.
Locality	(Required) Enter the location of the organization. For example, the city.
Organization	(Required) Enter the name of the company or organization.
Organizational Unit	Organizational unit of the entity.
Email	(Required) Enter the email address of the person responsible for the CA.
Common Name	Enter the fully-qualified hostname (FQDN) of the system. This name must be unique within a certificate chain.
Subject Alternate Names	(Required) Enter additional domains to secure for multi-domain support. Separate domains by pressing `Enter`. For example, if the primary domain is example.com, entering www.example.com secures both addresses.

Basic Constraints

Setting	Description
Enabled	Select to activate this certificate extension.
Path Length	Enter the number of non-self-issued intermediate certificates that can follow this certificate in a valid certification path. Entering 0 allows a single additional certificate to follow in the certificate path. Cannot be less than 0.
Basic Constraints Config	Select the basic constraints extension that identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate. See RFC 3280, section 4.2.1.10 for more information.

Authority Key Identifier

Setting

Description

Enabled

Select to activate this certificate extension.

Authority Key Config

Select the authority key identifier extension that provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification can be based on either the key identifier (the subject key identifier in the issuer certificate) or on the issuer name and serial number. See RFC 3280, section 4.2.1.1 for more information.

Extended Key Usage

Setting	Description
Enabled	Select to activate this certificate extension.
Usages	Select the options that identify the purpose for this public key from the dropdown list. Is used for end entity certificates. Multiple usages can be selected. Do not mark this extension critical when the Usage is ANY_EXTENDED_KEY_USAGE. Using both Extended Key Usage and Key Usage extensions requires that the purpose of the certificate is consistent with both extensions. See RFC 3280, section 4.2.1.13 for more details.
Critical Extension	Select to identify this extension as critical for the certificate. The certificate-using system must recognize critical extensions, or it will reject the certificate. The certificate-using system can ignore non-critical extensions and still approve the certificate.

Key Usage

Setting

Description

Enabled

Select to activate this certificate extension.

Key Usage Config

Select the key usage extension that defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the Digital Signature bits would be asserted. Likewise, when an RSA key should be used only for key management, the Key Encipherment bit would be asserted. See RFC 3280, section 4.2.1.3 for more information.

Import CAs

CAImport

Certificate Subject

Setting	Description
Certificate	Paste the certificate for the CA.
Private Key	Paste the private key associated with the Certificate when available. Provide a key at least 1024 bits long.
Passphrase	Enter the passphrase for the private key.
Confirm Passphrase	Confirm the passphrase for the Private Key.

Certificates

After you create or import a new certificate, bind it to the relevant service. For HTTPS binding, go to System > General and select the certificate you want to bind in the GUI SSL Certificate field.
For other services, such as SMB or FTP, bind the certificate within the Services screen. Click the Configure button next to the service you want to bind to, then select the certificate within the Certificate field.

CAInternalIntermediate

Identifier and Type

Name	Description
Name	Descriptive identifier for this certificate.
Type	Internal Certificate is used for internal or local systems. Certificate Signing Request is used to get a CA signature. Import Certificate allows an existing certificate to be imported onto the system. Import Certificate Signing Request allows an existing CSR to be imported onto the system.
Profiles	Predefined certificate extensions. Choose a profile that best matches your certificate usage scenario.

Internal Certificate and Certificate Signing Request

Certificate Options

Name	Description
Signing Certificate Authority (Internal Certificate)	Select a previously imported or created CA.
Key Type	See Why is elliptic curve cryptography not widely used, compared to RSA? for more information about key types.
EC Curve	Brainpool curves can be more secure, while secp curves can be faster.
Key Length	The number of bits in the key used by the cryptographic algorithm. For security reasons, a minimum key length of 2048 is recommended.
Digest Algorithm	The cryptographic algorithm to use. The default SHA256 only needs to be changed if the organization requires a different algorithm.
Lifetime	The lifetime of the CA specified in days.

Certificate Subject

Name	Description
Country	Select the country of the organization.
State	Enter the state or province of the organization.
Locality	Enter the location of the organization. For example, the city.
Organization	Enter the name of the company or organization.
Organizational Unit	Organizational unit of the entity.
Email	Enter the email address of the person responsible for the CA.
Common Name	Enter the fully-qualified hostname (FQDN) of the system. This name must be unique within a certificate chain.
Subject Alternate Names	Multi-domain support. Enter additional domains to secure. Separate domains by pressing `Enter`. For example, if the primary domain is example.com, entering www.example.com secures both addresses.

Basic Constraints

Name	Description
Enabled	Activate this certificate extension.
Path Length	How many non-self-issued intermediate certificates that can follow this certificate in a valid certification path. Entering 0 allows a single additional certificate to follow in the certificate path. Cannot be less than 0.
Basic Constraints Config	The basic constraints extension identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate. See RFC 3280, section 4.2.1.10 for more information.

Authority Key Identifier

Name

Description

Enabled

Activate this certificate extension.

Authority Key Config

The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification MAY be based on either the key identifier (the subject key identifier in the issuer’s certificate) or on the issuer name and serial number. See RFC 3280, section 4.2.1.1 for more information.

Extended Key Usage

Name	Description
Enabled	Activate this certificate extension.
Usages	Identify the purpose for this public key. Typically used for end entity certificates. Multiple usages can be selected. Do not mark this extension critical when the Usage is ANY_EXTENDED_KEY_USAGE. Using both Extended Key Usage and Key Usage extensions requires that the purpose of the certificate is consistent with both extensions. See RFC 3280, section 4.2.1.13 for more details.
Critical Extension	Identify this extension as critical for the certificate. Critical extensions must be recognized by the certificate-using system or this certificate will be rejected. Extensions identified as not critical can be ignored by the certificate-using system and the certificate still approved.

Key Usage

Name

Description

Enabled

Activate this certificate extension.

Key Usage Config

The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the Digital Signature bits would be asserted. Likewise, when an RSA key should be used only for key management, the Key Encipherment bit would be asserted. See RFC 3280, section 4.2.1.3 for more information.

Import Certificate and Import Certificate Signing Request

ACME DNS

Automatic Certificate Management Environment (ACME) is available for automating certificate issuing and renewal.

Add DNS Authenticators

Name	Description
Name	Internal identifier for the authenticator.
Authenticator	DNS provider for the authenticator. Amazon Route 53 is the only supported DNS provider in TrueNAS CORE.
Access ID Key	Key generated by the Amazon Web Services account. See the AWS Access Key documentation for instructions to generate the key.
Secret Access Key	Key generated by the Amazon Web Services account. See the AWS Access Key documentation for instructions to generate the key.

Support

The Support screen displays system information. Users may also manage thier Enterprise license and create support tickets.

TrueNAS CORE

UIBugReport

Name	Description
Username	Your JIRA username.
Password	Your JIRA password.
Type	Select Bug when reporting an issue or Feature when requesting new functionality.
Category	Category that best describes the bug or feature.
Attach Debug	Generates and attaches an overview of the system hardware, build string, and configuration.
Subject	A descriptive title for the new issue.
Description	A one to three paragraph summary of the issue.
Browse…	Attaches screenshots that illustrate the problem.

2FA (Two-Factor Authentication)

TrueNAS offers Two-Factor Authentication (2FA) to ensure that a compromised administrator (root) password cannot be used by itself to gain access to the administrator interface.

UIRef2FA

2FA Configuration

User Settings

Name	Description
One Time Password (OTP) Digits	The number of digits in the One-Time Password. The default is 6, which is Google’s standard OTP length. Check your app/device settings before selecting this.
Interval	The lifespan (in seconds) of each OTP. Default is 30 seconds. The minimum is 5 seconds.
Window	Extends password validity beyond the Interval setting. For example, 1 means that one password before and after the current one is valid, leaving three valid passwords. Extending the window is useful in high-latency situations.
Enable Two-Factor Auth for SSH	Enable 2FA for system SSH access. We recommend leaving this DISABLED until after you successfully test 2FA with the UI.

System Generated Settings

Name	Description
Secret (Read-only)	The secret TrueNAS creates and uses to generate OTPs when you first enable 2FA.
Provisioning URI (includes Secret - Read-only)	The URI used to provision an OTP. TrueNAS encodes the URI (which contains the secret) in a QR Code. To set up an OTP app like Google Authenticator, use the app to scan the QR code or enter the secret manually into the app. TrueNAS produces the URI when you first activate 2FA.

Tasks

TrueNAS includes an easy-to-use interface for common tasks a sysadmin needs to preform on a NAS on a regular basis. These can roughly be broken down into three groups: system level, data backup, and ZFS tasks.

Tasks Contents

Cron Jobs: Describes the fields on the Cron Jobs screen on TrueNAS CORE.

Init/Shutdown Scripts: Explains the fields on the Init/Shutdown Script screen on TrueNAS CORE.

Rsync Tasks: Provides information about the Rsync Tasks screen on TrueNAS CORE.

S.M.A.R.T. Tests: Describes the fields on the S.M.A.R.T. Test screen on TrueNAS CORE.

Periodic Snapshot Tasks: Defines the fields in the Periodic Snapshot Tasks Screen on TrueNAS CORE.

Replication Tasks: Decribes the fields on the Replication Tasks screen for TrueNAS CORE.

Resilver Priority: Describes the Resilver Priority screen on TrueNAS CORE.

Scrub Tasks: Describes the fields on the Scrub Task screen on TrueNAS CORE.

Cloud Sync Tasks: Describes the Cloud Sync Tasks screen on TrueNAS CORE.

Advanced Scheduler: Describes the fields in the Advanced Scheduler in TrueNAS CORE.

Cron Jobs

TasksCronJobsAdd

Cron Job

Name	Description
Description	Enter a description of the cron job.
Command	Enter the full path to the command or script to be run.
Run as User	Select a user account to run the command. The user must have permissions allowing them to run the command or script.
Schedule	Select a schedule preset or choose Custom to open the advanced scheduler. Note that an in-progress cron task postpones any later scheduled instance of the same task until the running task is complete.
Hide Standard Output	Hide standard output (stdout) from the command. When cleared, any standard output is mailed to the user account cron used to run the command.
Hide Standard Error	Hide error output (stderr) from the command. When cleared, any error output is mailed to the user account cron used to run the command.
Enabled	Enable this cron job. When cleared, disable the cron job without deleting it.

Init/Shutdown Scripts

TasksInitShutdownScriptsAdd

Init/Shutdown Script

Name	Description
Description	Comments about this script.
Type	Select Command for an executable command or Script for an executable script.
Command	Enter the command with any options. When Script is selected, click the to define the path to the script file.
When	Pre Init is early in the boot process, after mounting filesystems and starting networking. Post Init is at the end of the boot process, before TrueNAS services start. Shutdown is during the system power off process.
Enabled	Enable this task. Clear to disable the task without deleting it.
Timeout	Automatically stop the script or command after the specified seconds.

Rsync Tasks

Remote sync is a utility that copies data across a network. Rsync first copies the initial data. Later copies contain only the data that is different between the source and destination files. This reduces network traffic. Use Rsync to create backups, and to synchronize data across systems.

Create a New Rsync Task

Go to Tasks > Rsync Tasks. The Rsync Tasks menu displays.

RsyncTaskAdd

Click ADD.

TasksRsyncTasksAddModeModule

Source

Name	Description
Path	Browse to the path to be copied. FreeBSD file path limits apply. Other operating systems can have different limits which might affect how they can be used as sources or destinations.
User	Select the user to run the rsync task. The user selected must have permissions to write to the specified directory on the remote host.
Direction	Direct the flow of data to the remote host. During a push, the dataset transfers to the remote module. During a pull, the dataset stores files from the remote system.
Description	Enter a description of the rsync task.

Schedule

Name	Description
Schedule	Select a schedule preset or select Custom to open the advanced scheduler.
Recursive	Select to include all sub-directories of the specified directory. When cleared, only the specified directory is included.

Remote

Name	Description
Remote Host	Enter the IP address or host name of the remote system that will store the copy. Use the format `username@remote_host` if the user name differs on the remote host.
Rsync Mode	Select to use a custom-defined remote module of the rsync server. Or to use an SSH configuration for the rsync task.

More Options

Name	Description
Times	Select to preserve modification times of files.
Compress	Select to reduce the size of data to transmit. Recommended for slow connections.
Archive	When selected, rsync runs recursively. Preserves symlinks, permissions, modification times, group, and special files. When run as root, owner, device files, and special files are also preserved. Equal to passing the flags `-rlptgoD` to rsync.
Delete	Delete files in the destination directory that do not exist in the source directory.
Quiet	Select to suppress informational messages from the remote server.
Preserve Permissions	Select to preserve original file permissions. Useful when the user is set to root.
Preserve Extended Attributes	Extended attributes are preserved, but must be supported by both systems.
Delay Updates	Saves a temporary file from each updated file to a holding directory until the end of the transfer. All transferred files renamed once the transfer is complete.
Auxiliary Parameters	Additional rsync(1) options to include. Separate entries by pressing `Enter`. Note: The emergency character must be escaped with a backslash \ or used inside single quotes (’*.txt’).
Enabled	Select to enable this rsync task. Clear to disable this rsync task without deleting it.

S.M.A.R.T. Tests

TasksSMARTTestsAdd

Name	Description
Disks	Select the disks to monitor from the dropdown list.
All Disks	Select to monitor every disk on the system with S.M.A.R.T. enabled. Leave clear to choose individual disks on the Disks dropdown list to include in the test.
Type	Select the test type from the dropdown list. Options are LONG, SHORT, CONVEYANCE or OFFLINE. See smartctl(8) for descriptions of each type. Some types degrade performance or take disks offline.
Description	Enter information about the S.M.A.R.T. test.
Schedule	Select a preset test schedule from the dropdown list. Select Custom to open the advanced scheduler and define a new schedule for running the test.

Periodic Snapshot Tasks

TasksPeriodicSnapshotAdd

Dataset

Name	Description
Dataset	Select a pool, dataset, or zvol.
Recursive	Select to take separate snapshots of the dataset and each of its child datasets. Clear to take a single snapshot only of the specified dataset without child datasets.
Exclude	Exclude specific child datasets from the snapshot. Use with recursive snapshots. List paths to any child datasets to exclude. Example: `pool1/dataset1/child1`. A recursive snapshot of pool1/dataset1 will include all child datasets except child1. Separate entries by pressing `Enter`.

Schedule

Name	Description
Snapshot Lifetime	Define a length of time to retain the snapshot on this system using a numeric value and a single lowercase letter for units. Examples: 3h is three hours, 1m is one month, and 1y is one year. Does not accept Minute values. After the time expires, the snapshot is removed. Snapshots which have been replicated to other systems are not affected.
Naming Schema	Snapshot name format string. The default is `auto-%Y-%m-%d_%H-%M`. Must include the strings `%Y`, `%m`, `%d`, `%H`, and `%M`, which are replaced with the four-digit year, month, day of month, hour, and minute as defined in strftime(3). For example, snapshots of pool1 with a Naming Schema of `customsnap-%Y%m%d.%H%M` have names like pool1@customsnap-20190315.0527.
Schedule	Choose one of the presets or Custom to use the advanced scheduler.
Allow Taking Empty Snapshots	Creates dataset snapshots even when there have been no changes to the dataset from the last snapshot. Recommended for long-term restore points, multiple snapshot tasks pointed at the same datasets, or compatibility with snapshot schedules or replications created in TrueNAS 11.2 and earlier. For example, allowing empty snapshots for a monthly snapshot schedule allows that monthly snapshot to be taken, even when a daily snapshot task has already taken a snapshot of any changes to the dataset.
Enabled	To activate this periodic snapshot schedule, select this option. To disable this task without deleting it, clear this option.

Replication Tasks

Basic Creation

TasksReplicationTasksAdd

What and Where

Name	Description
Load Previous Replication Task	Use settings from a saved replication.
Source Location	Storage location for the original snapshots that are replicated.
Destination Location	Storage location for the replicated snapshots.
Task Name	Name of this replication configuration.

Source Location: On this System

Name	Description
Source	Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator. Selecting a location displays the number of existing snapshots that can be replicated. Selecting a location that has no snapshots configures the replication task to take a manual snapshot of that location and replicate it to the destination.
Recursive	Select to also replicate all snapshots contained within the selected source dataset snapshots. Clear to only replicate the selected dataset snapshots.
Replicate Custom Snapshots	Replicate snapshots that are not created by an automated snapshot task. Requires setting a naming schema for the custom snapshots.
Naming Schema	Pattern of naming custom snapshots replicated. Enter the name and strftime(3) {0}, {1}, {2}, {3}, and {4} strings that match the snapshots to include in the replication. Separate entries by pressing `Enter`. The number of snapshots matching the patterns display.

Source Location: On a Different System

Name	Description
SSH Connections	Select an existing SSH connection to a remote system or choose Create New to create a new SSH connection.
Source	Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator. Selecting a location displays the number of existing snapshots that can be replicated. Selecting a location that has no snapshots configures the replication task to take a manual snapshot of that location and replicate it to the destination.
Recursive	Select to also replicate all snapshots contained within the selected source dataset snapshots. Clear to only replicate the selected dataset snapshots.
Naming Schema	Pattern of naming custom snapshots to be replicated. Enter the name and strftime(3) {0}, {1}, {2}, {3}, and {4} strings that match the snapshots to include in the replication. Separate entries by pressing `Enter`. The number of snapshots matching the patterns are shown.
SSH Transfer Security	Data transfer security. The connection is authenticated with SSH. Data can be encrypted during transfer for security or left unencrypted to maximize transfer speed. Encryption is recommended, but can be disabled for increased speed on secure networks.

Destination Location: On this System

Name

Description

Destination

Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshot storage.

Encryption

Select to use encryption when replicating data. Additional encryption options appear.

Destination Location: On a Different System

Name	Description
SSH Connections	Select a saved remote system SSH connection or choose Create New to create a new SSH connection.
Destination	Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshot storage.
Encryption	Select to use encryption when replicating data. Additional encryption options appear.

When

Name	Description
Replication Schedule	Text
Destination Snapshot Lifetime	When replicated snapshots are deleted from the destination system. Same as Source uses the configured snapshot lifetime value from the source dataset periodic snapshot task. Never Delete never deletes snapshots from the destination system. Custom sets a how long a snapshot remains on the destination system. Enter a number and choose a measure of time from the dropdown list.
Schedule	Select specific times to snapshot what you specified in Source Datasets and replicate the snapshots to the location in Destination Dataset. Select a preset schedule or choose Custom to use the advanced scheduler.

TasksReplicationTasksAddLocalSourceRemoteDestWeeklyCustomLife

Advanced Creation

TasksReplicationAddAdvanced

General

Name	Description
Name	Descriptive name for the replication.
Direction	PUSH sends snapshots to a destination system. PULL connects to a remote system and retrieves snapshots matching a naming schema.
Transport	SSH is supported by most systems. It requires a previously created connection in System > SSH Connections. SSH+NETCAT uses SSH to establish a connection to the destination system, then uses py-libzfs to send an unencrypted data stream for higher transfer speeds. This only works when replicating to a FreeNAS, TrueNAS, or other system with py-libzfs installed. LOCAL efficiently replicates snapshots to another dataset on the same system without using the network. LEGACY uses the legacy replication engine from FreeNAS 11.2 and earlier.
Number of retries for failed replications	Number of times the replication is attempted before stopping and marking the task as failed.
Logging Level	Message verbosity level in the replication task log.
Enabled	Activates the replication schedule.

Transport Options

Name	Description
SSH Connection	Choose a connection that has been saved in System > SSH Connections.
Stream Compression	Select a compression algorithm to reduce the size of the data being replicated. Only appears when SSH is chosen for Transport type.
Limit	Limit replication speed to this number of bytes per second.
Allow Blocks Larger than 128KB	Allow this replication to send large data blocks. The destination system must also support large blocks. This setting cannot be changed after it has been enabled and the replication task is created. For more details, see zfs(8).
Allow Compressed WRITE Records	Use compressed WRITE records to make the stream more efficient. The destination system must also support compressed WRITE records. See zfs(8).

Source

Name	Description
Source	Define the path to a system location that has snapshots to replicate. Click the folder to see all locations on the source system or click in the field to manually type a location (Example: pool1/dataset1). Multiple source locations can be selected or manually defined with a comma (,) separator.
Recursive	Replicate all child dataset snapshots. When selected, Exclude Child Datasets becomes available.
Include Dataset Properties	Include dataset properties with the replicated snapshots.
(Almost) Full Filesystem Replication	Completely replicate the selected dataset. The target dataset will have all of the properties, snapshots, child datasets, and clones from the source dataset.
Properties Exclude	List any dataset properties that will not be included with the replication.
Periodic Snapshot Tasks	Snapshot schedule for this replication task. Choose from previously configured periodic snapshot tasks. This replication task must have the same Recursive and Exclude Child Datasets values as the chosen periodic snapshot task. Selecting a periodic snapshot schedule removes the Schedule field.
Replicate Specific Snapshots	Only replicate snapshots that match a defined creation time. To specify which snapshots will be replicated, select this checkbox and define the snapshot creation times that will be replicated. For example, setting this time frame to Hourly will only replicate snapshots that were created at the beginning of each hour.
Also Include Naming Schema	Pattern of naming custom snapshots to include in the replication with the periodic snapshot schedule. Enter the strftime(3) strings that match the snapshots to include in the replication. When a periodic snapshot is not linked to the replication, enter the naming schema for manually created snapshots. Has the same {0}, {1}, {2}, {3}, and {4} string requirements as the naming schema in a periodic snapshot task. Separate entries by pressing `Enter`.
Saving Pending Snapshots	Prevent source system snapshots that have failed replication from being automatically removed by the Snapshot Retention Policy.

Destination

Name	Description
Destination	Define the path to a system location that stores replicated snapshots. Click the folder to see all locations on the destination system or click in the field to manually type a location path (Example: pool1/dataset1). Selecting a location defines the full path to that location as the destination. Appending a name to the path creates a new zvol at that location. For example, selecting pool1/dataset1 stores snapshots in dataset1, but clicking the path and typing /zvol1 after dataset1 creates zvol1 for snapshots.
Destination Dataset Read-only Policy	SET changes all destination datasets to readonly=on after finishing the replication. REQUIRE stops replication unless all existing destination datasets to have the property readonly=on. IGNORE disables checking the readonly property during replication.
Encryption	Select to use encryption when replicating data. Additional encryption options appear.
Encryption Key Format	Appears when Encryption is set. Choose between a Hex (base 16 numeral) or Passphrase (alphanumeric) style encryption key.
Passphrase	Appears when Encryption Key Format is set to PASSPHRASE. Enter an alphanumeric encryption key.
Store Encryption key in Sending TrueNAS database	Set to store the encryption key in the TrueNAS database.
Encryption Key Location in Target System	Appears when Store Encryption key in Sending TrueNAS database** is unset. Choose a temporary location for the encryption key that will decrypt replicated data.
Replication from scratch	If the destination system has snapshots but they do not have any data in common with the source snapshots, destroy all destination snapshots and do a full replication. Warning: enabling this option can cause data loss or excessive data transfer if the replication is misconfigured.
Snapshot Retention Policy	When replicated snapshots are deleted from the destination system. Same as Source: use the Snapshot Lifetime from from the source periodic snapshot task. Custom: define a Snapshot Lifetime for the destination system. None: never delete snapshots from the destination system.

Replication Schedule

Name	Description
Run Automatically	Select to either start this replication task immediately after the linked periodic snapshot task completes or continue to create a separate Schedule for this replication.
Schedule	Start time for the replication task.
Only Replicate Snapshots Matching Schedule	Appears when Schedule checkbox is set. Set to use the Schedule in place of the Replicate Specific Snapshots time frame. The Schedule values are read over the Replicate Specific Snapshots time frame.

Resilver Priority

TasksResilverPriority

Resilver Priority

Name	Description
Enabled	Select to run resilver tasks between the configured times.
Begin	Choose the hour and minute when a resilver process can run at a higher priority.
End	Choose the hour and minute after which a resilver process must return to running at a lower priority. A resilver process running after this time will likely take much longer to complete due to running at a lower priority compared to other disk and CPU activities, such as replications, SMB transfers, NFS transfers, Rsync transfers, S.M.A.R.T. tests, pool scrubs, user activity, etc.
Days of the Week	Select the days to run resilver tasks.

Scrub Tasks

TasksScrubTasksAdd

Scrub Task

Name	Description
Pool	Choose a pool to scrub.
Threshold days	Controls the task schedule by setting how many days must pass before a completed scrub can run again. If you schedule a scrub to run daily and set Threshold days to 7, the scrub attempts to run daily. If the scrub succeeds, it will check but won’t run again until seven days pass. Using a multiple of seven ensures the scrub runs on the same weekday.
Description	Describe the scrub task.
Schedule	How often to run the scrub task. Choose one of the presets or Custom to use the Advanced Scheduler.
Enabled	Clear to disable the scheduled scrub without deleting it.

Cloud Sync Tasks

TrueNAS can send, receive, or synchronize data with a Cloud Storage provider.

These providers are supported for Cloud Sync tasks in TrueNAS CORE:

OpenStack Swift
pCloud
SSH File Transfer Protocol (SFTP)
Storj iX
WebDAV
Yandex

TasksCloudSyncAdd

Transfer

Name	Description
Description	Enter a description of the Cloud Sync Task.
Direction	PUSH sends data to cloud storage. PULL receives data from cloud storage. Changing the direction resets the Transfer Mode to COPY.
Transfer Mode	SYNC: Files on the destination are changed to match those on the source. If a file does not exist on the source, it is also deleted from the destination. COPY: Files from the source are copied to the destination. If files with the same names are present on the destination, they are overwritten. MOVE: After files are copied from the source to the destination, they are deleted from the source. Files with the same names on the destination are overwritten.
Directory/Files	Select the directories or files to be sent to the cloud for Push syncs, or the destination to be written for Pull syncs. Be cautious about the destination of Pull jobs to avoid overwriting existing files.

Remote

Name	Description
Credential	Select the cloud storage provider credentials from the list of available Cloud Credentials.
Folder	Enter or select the cloud storage location to use for this task.

Control

Name	Description
Schedule	Select a schedule preset or choose Custom to open the advanced scheduler.
Enable	Enable this Cloud Sync Task. Clear to disable this Cloud Sync Task without deleting it.

Advanced Options

Name	Description
Follow Symlinks	Follow symlinks and copy the items to which they link.
Pre-script	Script to execute before running sync.
Post-script	Script to execute after running sync.
Exclude	List of files and directories to exclude from sync. Separate entries by pressing `Enter`. See rclone filtering for more details about the `--exclude` option.
Upload Chunk Size	Files are split into chunks of this size before upload. The number of chunks that can be simultaneously transferred is set by the Transfers number. The single largest file being transferred must fit into no more than 10,000 chunks.
Remote Encryption	Use rclone crypt to manage data encryption during PUSH or PULL transfers: PUSH: Encrypt files before transfer and store the encrypted files on the remote system. Files are encrypted using the Encryption Password and Encryption Salt values. PULL: Decrypt files that are being stored on the remote system before the transfer. Transferring the encrypted files requires entering the same Encryption Password and Encryption Salt that was used to encrypt the files. Additional details about the encryption algorithm and key derivation are available in the rclone crypt File formats documentation.
Transfers	Number of simultaneous file transfers. Enter a number based on the available bandwidth and destination system performance. See rclone –transfers.
Bandwidth Limit	A single bandwidth limit or bandwidth limit schedule in rclone format. Separate entries by pressing `Enter`. Example: 08:00,512 12:00,10MB 13:00,512 18:00,30MB 23:00,off. Units can be specified with the beginning letter: b, k (default), M, or G. See rclone –bwlimit.

Dry Run

TrueNAS connects to the Cloud Storage Provider and simulates a file transfer without sending or receiving data.

Advanced Scheduler

Tasks Advanced Scheduler

Name	Description
Choose a preset	Populates the rest of the fields.
Minutes	Minutes when the task runs.
Hours	Hours when the task runs.
Days	Days when the task runs.
Months	Months when the task runs.
Days of Week	Days of the week when the task runs.

Network

The TrueNAS CORE Network screens control how the system integrates into the overall network environment.

Network Contents

Interfaces Screen: Describes the fields in the Network Interface screen on TrueNAS CORE.

Network Summary Screen: Describes the fields in the Network Summary screen in TrueNAS CORE.

Global Configuration Screen: Describes how to use the Global Configuration screen in TrueNAS CORE.

Static Routes Screen: Describes the Static Routes screen in TrueNAS CORE.

IPMI Screen: Describes the fields on the IPMI screen in TrueNAS CORE.

Interfaces Screen

Use the Network > Interface Screen to add various network interfaces to your TrueNAS.

NetworkInterfacesScreen

Use the COLUMNS button to display options to modify the information displayed in the Interfaces table. Options are Type, Link State, DHCP, IPv6 Auto Configure, IP Addresses, Description, Active Media Type, Active Media Subtype, VLAN Tag, VLAN Parent Interface, Bridge Members, LAGG Ports, LAGG Protocol, MAC Address, MTU or Reset to Defaults.

Use ADD to display the Interface Add screen.

To see the details for any interface click the chevron_right symbol to the right of the interface.

Interface Detail Screen

Each interface has a detailed view with the current interface settings and additional actions available for the interface.

NetworkInterfaceDetailsScreen

Use EDIT to display the Network Interface Edit screen. Several settings are not editable and do not appear on the Edit screen.

Use RESET CONFIGURATION to reset the selected interface. Resetting the configuration interrupts network connectivity. The Reset Configuration dialog displays. You must select Confirm to activate the RESET CONFIGURATION button.

Interface Add Screen

The Interface Add screen displays additional configuration settings based on the type of interface selected.

NetworkInterfaceAddScreen

Interface Settings

Settings	Description
Type	Select the type of interface from the dropdown list. Select Bridge to create a logical link between mutliple networks. Select Link Aggregation to combine multiple network connections into a single interface. Select VLAN for a virtual LAN to partition and isolate a segment of the connection.
Name	Enter a name for the interface. Use the format bridgeX laggX or vlanX where X is a number representing a non-parent interface.
Description	Enter a description for the interface. For example, what it is used for.
DHCP	Select to enable DHCP. Leave checkbox clear to crate a static IPv4 or IPv6 configuration. Only one interface can be configured for DCHP.
Autoconfigure IPv6	Select to automatically configure the IPv6 address with rtsol(8). Only one interface can be configured this way.

Other Settings

Settings	Description
Disable Hardware Offloading	Select to turn off hardware offloading for network traffice processing. Warning! Disabling hardware offloading can reduce network performance, and is only recommended when the interface is managing jails, plugins or virtual machines.
MTU	A maximum transmission unit (MTU) is the largest protocol data unti that can be communicated. The largest workable MTU size varies with network interfaces and equipment. 1500 and 9000 are standard Ethernet MTU sizes. Leave blank restores this field to the default value of 1500.
Options	Enter additional parameters from ifconfig(8).

Other Settings

Settings	Description
IP Addresses	Select an IP address from the dropdown list to define an alias for the interface on this TrueNAS controller. The alias can be an IPv4 or IPv6 address.
ADD	Adds a row to configure another IP address. A DELETE button displays to allow you to delete the extra IP address.

Bridge Settings

Settings	Description
Bridge Members	Select network interfaces to include in the bridge from the dropdown list.

Link Aggreation Settings

Settings	Description
Lagg Protocol	Select the lagg protocol from the dropdown list. This determines the outgoing and incoming traffic ports. LACP is the recommended protocol if the network switch is capable of active LACP. Failover is the default protocol choice and should be used if the network switch does not support active LACP. See lagg(4) for more details.
Lagg Interfaces	Select the interfaces on your TrueNAS to use in the aggregation from the dropdown list. Warning! Lagg creation fails if any of the selected interfaces have been manually configured.

VLAN Settings

Settings	Description
Parent Interface	Select the VLAN parent interface on your TrueNAS from the dropdown list. Usually Ethernet card connected to a switch port configured for the VLAN. New link aggregations are not available until the system is restared.
Vlan Tag	Enter the numeric tag configured in the switched network. This is a required field.
Priority Code Point	Select the Class of Service from the dropdown list. The available 802.1p class of service ranges from Best effort (default) to Network control (highest)**.

Interface Edit Screen

The Interface Edit screen displays only the editable configuration settings for the inface selected.

NetworkInterfacesEditScreen

Interface Settings

Settings	Description
Name	Displays the name for the selected interface. This field cannot be edited.
Description	Enter a description for the interface. For example, what it is used for.
DHCP	Select to enable DHCP. Leave checkbox clear to crate a static IPv4 or IPv6 configuration. Only one interface can be configured for DCHP.
Autoconfigure IPv6	Select to automatically configure the IPv6 address with rtsol(8). Only one interface can be configured this way.

Other Settings

Settings	Description
Disable Hardware Offloading	Select to turn off hardware offloading for network traffic processing. Warning! Disabling hardware offloading can reduce network performance, and is only recommended when the interface is managing jails, plugins, or virtual machines.
MTU	A maximum transmission unit (MTU) is the largest protocol data unti that can be communicated. The largest workable MTU size varies with network interfaces and equipment. 1500 and 9000 are standard Ethernet MTU sizes. Leave blank restores this field to the default value of 1500.
Options	Enter additional parameters from ifconfig(8).

Other Settings

Settings	Description
IP Addresses	Select an IP address from the dropdown list to define an alias for the interface on this TrueNAS controller. The alias can be an IPv4 or IPv6 address.
ADD	Adds a row to configure another IP address. A DELETE button displays to allow you to delete the extra IP address.

Use APPLY to save changes to settings and return to the Interfaces screen.

Network Summary Screen

It is recommended to set up your system connections before setting up data sharing. This allows integrating TrueNAS into your specific security and network environment before attempting to store or share critical data.

Network Summary

The Network Summary gives a concise overview of the current network setup. Information about the currently active Interfaces, Default Routes, and Nameservers is provided. These areas are not editable.

NetworkSummaryScreen

Interfaces shows any configured physical bridge, LAGG, and vlan interfaces. All detected physical interfaces are listed, even when unconfigured. The IPv4 or IPv6 address displays when a static IP is saved for an interface.
Default Routes lists all saved TrueNAS Default Routes. Go to Network > Global Configuration to configure Default Routes.
Nameservers lists any configured DNS name servers that TrueNAS uses. To change this list, go to Network > Global Configuration. The TrueNAS Hostname and Domain, Default Gateway, and other options are available in Network > Global Configuration.

Additional Network Configuration Screens

Define any Static Routes in Network > Static Routes.

Out-of-band management is managed from Network > IPMI. This option is visible only when TrueNAS detects the appropriate physical hardware.

Global Configuration Screen

The Network > Global Configuration screen has all the general TrueNAS networking settings that are not specific to any interface.

Disruptive Change
Making changes to the network interface the web interface uses can result in losing connection to TrueNAS! Fixing any misconfigured network settings might require command line knowledge or physical access to the TrueNAS system.

Global Configuration Settings

NetworkGlobalConfigurationScreen

Options are organized into several categories.

Can these options be configured elsewhere?

Many of these interface, DNS, and gateway options are also configured in the Console Setup Menu. Be sure to check both locations when troubleshooting network connectivity issues.

Hostname and Domain

Many of these fields have default values you can change to meet requirements of the local network. The Hostname and Domain field values display on the Dashboard > System Information card. Some options only display when the appropriate hardware is present.

Setting	Description
Hostname	Enter the system host name. If an Enterprise system with two controllers, this is the first TrueNAS controller host name. Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Hostname (TrueNAS Controller 2)	Enter the host name of second TrueNAS controller (for HA only). Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Hostname (Virtual)	Ener the virtual host name. When using a virtualhost, this is also used as the Kerberos principal name. Enter the fully qualified host name plus the domain name. Upper and lower case alphanumeric, (.) and (-) characters are allowed.
Domain	Enter the system domain name.
Additional Domains	Enter additional domains to search. Separate entries by pressing `Enter`. Adding search domains can cause slow DNS lookups

Service Announcement

Setting	Description
NetBIOS-NS	Select to advertise the SMB service NetBIOS name. Legacy NetBIOS name server. Can be required for legacy SMB1 clients to discover the server. When advertised, the server appears in Network Neighborhood.
mDNS	Select to use the system host name (in Hostname) to advertise enabled and runnint services. Multicast DNS. For example, this controls if the server appears under Network on MacOS clients.
WS-Discovery	Select to use the SMB Service NetBIOS Name to advertise the server to WS-Discovery clients. This causes the computer to appear in the Network Neighborhood of modern Windows OSes.

DNS Servers

Setting	Description
Nameserver 1	Enter the primary DNS server IP address.
Nameserver 2	Enter the secondary DNS server IP address.
Nameserver 3	Enter the tertiary DNS server IP address.

Default Gateway

Setting	Description
IPv4 Default Gateway	Enter the IP address to use instead of the default gateway provided by DHCP for IPv4 service. Typically not set.
IPv6 Default Gateway	Enter the IP address to use instead of the default gateway provided by DHCP for IPv6 service. Typically not set.

Other Settings

Setting	Description
HTTP Proxy	Enter the proxy information for the network in the format http://my.proxy.server:3128 or http://user:password@my.proxy.server:3128.
Enable Netwait Feature	Select to prevents network services from starting until the interface can ping the addresses listed in the Netwait IP list.
Netwait IP List	Select only appears when Enable Netwait Feature is set. Enter a list of IP addresses to ping. Separate entries by pressing `Enter`. Each address is tried until one is successful or the list is exhausted. Leave empty to use the default gateway.
Host Name Database	Enter the database host name. Used to add one entry per line which is appended to /etc/hosts. Separate entries by pressing `Enter`. Use the format IP_address space hostname where multiple host names can be used if separated by a space. Hosts defined here are still accessible by name even when DNS is not available. See hosts for additional information.

Static Routes Screen

Use the Network Static Routes screen to define static routes on your TrueNAS. By default, no static routes are defined on a default TrueNAS system.

NetworkStaticRoutesScreen

Use the blue Columns button to display options to change the information displayed in the Static Routes table. Options are Unselect All, Gateway, Description or Reset to Defaults.

Use Add to dispay the Static Routes Add screen.

Static Route Add Screen

StaticRouteAddScreen

Setting	Description
Destination	Enter the desination IP using the format A.B.C.D/E where E is the CIDR mask.
Gateway	Enter the IP address of the gateway.
Description	Enter any notes or identifiers describing the static route.

The SUBMIT button activates after entering values in the required fields. Use CANCEL to exit without saving and retun to the Static Routes screen.

IPMI Screen

Use the Network > IPMI screen to configure the TrueNAS for an IPMI connection. The IPMI configuration screen provides a shortcut to the most basic IPMI configuration.

NetworkIPMIScreen

Setting	Description
TrueNAS Controller	Select a TrueNAS controller from the dropdown list. All IPMI changes are applied to that TrueNAS controller.
Channel	Select the communications channel to use from the dropdown list. Available channel numbers vary by hardware.
Password	Enter a password for connecting to the IPMI interface from a web browser. The password must include at least one upper case letter, one lower case letter, one digit, and one special character (punctuation, e.g. ! # $ %, etc.). It must also be 8-16 characters long.
DHCP	Select to use DHCP to set the IPv4 Address, IPv4 Netmask, and Ipv4 Default Gateway. If checkbox is clear you must manually enter these settings.
IPv4 Address	Enter the static IP address of the IPMI web interface. This is the address TrueNAS connects to when you click the MANAGE button.
IPv4 Netmask	Enter the subnet mask associated with the IP address.
IPv4 Default Gateway	Enter the default gateway of the IPv4 connection. This is associated with the IP address.
VLAN ID	Enter the VLAN identifier if the IPMI out-of-band management interface is not on the same VLAN as management networking.
IDENTIFY LIGHT	Displays a dialog to activate an IPMI identify light on the compatible connected hardware.
MANAGE	Connects the TrueNAS to the IPMI web interface login screen.

Use SAVE to save the IPMI settings.

See IPMI for more information.

Storage

Storage Contents

Pools: Lists the screens related to Pools in TrueNAS CORE.

Datasets Screens: Describes how to configure a dataset on TrueNAS CORE.
User and Group Quota Screens : Describes CORE Dataset User and Group Quota screen settings and functions.
Zvols Screen: Describes the fields in the Storage Pools Add Zvol screen in TrueNAS CORE.

Snapshots Screens: Describes the Snapshots screens on TrueNAS CORE.

VMware-Snapshots Screen: Describes the fields in the VMware Snapshot screen on TrueNAS CORE.

Disks Screens: Describes the fields in the Disk Screens in TrueNAS CORE.

Pools

Use the Storage Pools screens to add or manage storage pools on your TrueNAS. The Pools screen displays a table of all the pools and datasets configured in your TrueNAS.

Use the to display the Pools Actions dropdown list of pool operations.

Use ADD to display the Import Pool configuration wizard screens.

Use the for the root dataset to display the Action Menu for the root dataset which is different than the options for nested datasets. Use the for nested datasets to display the Action Menu for nested datasets. See Datasets Screen for more information on dataset screens.

Import Pools Screens

The import pool wizard has four configuration screens that allow you to add a new pool or import an existing pool based on the selection made.

Create or Import Pool Screen

Select the Create new Pool radio button to add a new pool and configure each setting.

Select the Import an existing pool to import an existing pool. See Importing a Pool for more information.

Use the CREATE POOL button to display the Create Pool screen which is the Pool Manager screen.

Pools Options

Displays a dialog with the Auto TRIM and Confirm checkoboxes. Auto TRIM allows TrueNAS to periodically check the pool disks for storage blocks it can reclaim.

Export/Disconnect

Displays a dialog with a warning about unavailable data, backing up data before exporting/disconnecting, and lists services that could be disrupted by the process. Select from the three options:

Setting	Description
Destroy data on this pool?	Select to destroy data on the pool disks.
Delete configuration of shares that used this pool?	Selected by default to delete share configurations listed.
Confirm Export/Disconnect	Activates the Export/Disconnect button.
Export/Disconnect	Use to display the confirmation dialog where you must enter the name of the pool and confirm you want to proceed with this operation.

Use CANCEL to exit the process and close the dialog.

Add Vdev

Displays the Pool Manager screen.

Use CANCEL to exit without saving and display the Pools screen.

Use ADD VDEVS to add vdevs to the exiting pool.

Scrub Pool

Displays a start-scrub confirmation dialog. Select Confirm to activate the START SCRUB button. Use CANCEL to exit back to the Pools screen without starting the scrub.

Expand Pool

Displays the Pool Status screen which displays the status of the pool, the datasets and the disks for the selected pool. Select the to display the options available to datasets and disks. Use the Expand Pool function to add a new disk to a single-disk stripe pool in order to create or re-create a mirror pool, if the disk capacity of the new disk meets the requirements.

Pool Manager Screen

The Pool Manager screen displays after selecting either the Create new Pool radio button on the Create or Import Pool screen or the Add Vdev option for an existing pool.

Pool Manager adds the initial vdev when you create the pool or want to add to an existing pool. At initial creation you have the option to select the type of vdev for this pool. When accessing Pool Manager for an existing pool from the Pool Actions dropdown and selecing Add Vdev, the pool vdev type is already specified and limits what you can add as a Data type vdev. For example, a pool with a mirror vdev requires you to add a minimum of two disks to the existing mirror. In order to transform a single disk stripe to a mirror, use Expand Pool.

Setting	Description
Name	Displays the name of the pool for which you are adding the vdev.
Encryption	Select to apply encryption to the storage pool. All datasets created on an encrypted pool inherit encryption from this root dataset.
RESET LAYOUT	Click to reset the proposed layout displayed. Click before you save to remove any vdev types selected and move disks assigned to any vdev back to the Available Disks list.
ADD VDEV	Displays a dropdown list of the types of vdevs on the system. Vdev types are Data, Cache, Log, Hot Spare, Metadata or Dedup. Click to add vdev types to an existing or new pool vdev setup.
Available Disks	List of available disks on the TrueNAS. Select the checkbox to the left of the disk and then select the blue to the right of the vdev type (if more than one vdev type exists or is added with the ADD VDEV button) to move the disks to that vdev. To move it back to the Available Disks list select the disk checkbox(es) and the blue .
Data VDevs	List of disks assigned to the vdev(s). To move disks back to the Available Disks list select the disk checkbox(es) and the blue symbol.
vdev type	Displays under the Data Vdevs table(s). For an existing pool, the default vdev type is the vdev type for that existing pool. For initial pool creation, the default type is Stripe. After adding disks to the Data VDevs a expand symbol displays with avaialbe options to change the default type of vdev (for example, if two disks are moved to a Data VDev, the Mirror option displays along with Strip).
Estimated raw capacity: 0 B	Displays the raw storage capacity of the disks for the data vdev type.
Filter disks by name	Click on to display the field where you enter the filter or search parameters.
Filter disks by capacity	Click on to display the field where you enter the filter or search parameters.

Use CANCEL to exit without saving and display the Pools screen.

Use CREATE to add the pool vdev.

Use ADD VDEVS to add vdevs to the exiting pool.

Pool Status Screen

The Pool Status screen which displays the status of the pool, the datasets and the disks for the selected pool.

Each Dataset has two options available from the . Select either Extend which displays the Extend Vdev dialog that allows you to select a new disk from a dropdown list, or Remove which displays a confirmation dialog before you remove the dataset from the pool.

Each disk has four options available from the :

Edit displays the Edit Pool Disk screen where you can change disk settings.

Offline displays the Offline Disk conformation dialog where you confirm you want to offline the disk. Select the Confirm checkbox to activate the OFFLINE button or click CANCEL to exit the dialog and return to the Pool Status screen.

Replace displays the Replacing disk dialog where you select the member disk from a dropdown list. Use Force to override safety checks and add the disk to the pool. Warning, this erases data on the disk!

Detach displays the Detach Disk dialog where you must select Confirm before the DETACH button activates. This detaches the disk from the pool.

Edit Pool Disk Screen

The Edit Pool Disk screen displays disk configutation settings.

Settings on the Edit Pool Disk screen are the same as those on the Storage > Disks > Edit Disk screen. See Disk Screens for more information on disk settings.

Pools Edit Permissions Screen

Use the Edit Permissions option on the parent dataset Dataset Actions menu to display the Edit Permissions screen. This option is only availble on the parent dataset. See Dataset Screens and Setting Up Permissions for more information on pool and dataset permissions.

Pools Contents

Datasets Screens: Describes how to configure a dataset on TrueNAS CORE.

User and Group Quota Screens : Describes CORE Dataset User and Group Quota screen settings and functions.

Zvols Screen: Describes the fields in the Storage Pools Add Zvol screen in TrueNAS CORE.

Datasets Screens

Use the Storage > Pools Add Dataset screen to add a dataset to your TrueNAS. A TrueNAS dataset is a file system that is created within a data storage pool. There are two settings options, BASIC OPTIONS and ADVANCED OPTIONS. Use the basic option unless you want to customize your dataset for specific uses cases.

Add Dataset Screen

Dataset Basic Options

Use SUBMIT without entering settings to quickly create a dataset with the default options or after entering settings to save and create the dataset.

Name and Options

The Name and Options fields are required to create the dataset. Datasets typically inherit most of these settings from the root or parent dataset, only a dataset name is required before clicking SUBMIT.

Setting	Description
Name	Enter a unique identifier for the dataset. The name cannot be changed after the dataset is created.
Comments	Enter notes about the dataset.
Sync	Select an option from the dropdown list. Select Standard uses the sync settings requested by the client software. Select Always to wait for data writes to complete, or select Disabled to never wait for writes to complete.
Compression level	Select an option to encode information in less space than the original data occupies. It is recommended to choose a compression algorithm that balances disk performance with the amount of saved space: lz4 is generally recommended as it maximizes performance and dynamically identifies the best files to compress. zstd is the Zstandard compression algorithm that has several options for balancing speed and compression. gzip options range from 1 for least compression, best performance, through 9 for maximum compression with greatest performance impact. zle is a fast algorithm that only eliminates runs of zeroes. lzjb is a legacy algorithm that is not recommended for use.
Enable Atime	Select an option from the dropdown list. Inherit (off) inherits from the pool. on updates the access time for files when they are read. off disables creating log traffic when reading files to maximize performance.
Encryption	Select Inherit (non-encrypted) to inherit the root or parent dataset encryption properties. Clear the checkmark to either not encrypt the dataset or to configure encryption settings other than those used by the root or parent dataset. See Encryption for more information on encryption.

Other Options

Use the Other Options to help tune the dataset for particular data sharing protocols:

Setting	Description
ZFS Deduplication	Select an option to transparently reuse a single copy of duplicated data to save spacefrom the dropdown list. Options are Inherit (off), on, verify or off. Deduplication can improve storage capacity, but is RAM intensive. Compressing data is generally recommended before using deduplication. Deduplicating data is a one-way process. *Deduplicated data cannot be undeduplicated!
Case Sensitivity	Select an option from the dropdown list. Sensitive assumes file names are case sensitive. Insensitive assumes file names are not case sensitive. Mixed understands both types of file names. Case sensitivity cannot be changed after the dataset is created!
Share Type	Select an option from the dropdown list to define the type of data sharing the dataset uses to optimize the dataset for that sharing protocol. Options are Generic or SMB. AFP type shares use SMB unless directed to select Generic. The type of share cannot be changed after the dataset is created!

Dataset Advanced Options

Use ADVANCED OPTIONS to add additional dataset settings such as quota management tools, basic ACL permissions and a few additional Other Options settings fields.

Quota Settings for this dataset and/or this dataset and its child datasets

Setting	Description
Quota for this datset	Enter an integer to define the maximum allowed space for the dataset. 0 disables quotas.
Quota warning alert at, %	Enter an integer to generate a warning level alert when consumed space reaches the defined percentage. By default, Inherit is selected and the dataset inherits this value from the parent dataset. Clear the checkmark to change the value.
Quota critical alert at, %	Enter an integer to generate a critical level alert when consumed space reaches the defined percentage. By default, Inherit is selected and the dataset inherits this value from the parent dataset. Clear the checkmark to change the value.
Reserved space for this dataset	Enter an integer to reserve additional space for datasets that contain logs which could eventually take up all the available free space. 0 is unlimited.

Figure 3: Add Dataset Advanced Options 2

Other Options

Additional Other Options settings

Setting	Description
Read-only	Select an option from the dropdown list. On prevents the dataset being modified. Off allows users accessing the dataset to modify its contents.
Exec	Select an option from the dropdown list. On allows processes to executd from within this dataset. Off prevents processes from executing in the dataset. It is recommended to set to On.
Snapshot directory	Select an option to control visibility of the .zfs directory on the dataset. Options are Visible or Invisible.
Copies	Select an option from the dropdown list to specify the number of duplicate ZFS user data copies stored on this dataset. Choose between 1, 2, or 3 redundant data copies. This can improve data protection and retention, but is not a substitute for storage pools with disk redundancy.
Record Size	Select an option from the dropdown list for the Logical block size in the dataset. Matching the fixed size of data, as in a database, could result in better performance.
ACL Mode	Select an option from the dropdown list to determine how chmod behaves when adjusting file ACLs. See the zfs `aclmode` property. Passthrough only updates ACL entries that are related to the file or directory mode. Restricted does not allow chmod to make changes to files or directories with a non-trivial ACL. An ACL is trivial if it can be fully expressed as a file mode without losing any access rules. Restricted is typically used to optimize a dataset for SMB sharing, but can require further optimizations. For example, configuring an rsync task with this dataset could require adding `--no-perms` in the Rsync task Auxiliary Parameters field.
Metadata (Special) Small Block Size	Enter an integer for the threshold block size for including small file blocks into the special allocation class (fusion pools). Blocks smaller than or equal to this value are assigned to the special allocation class while greater blocks are assigned to the regular class. Valid values are zero or a power of two from 512B up to 1M. The default size 0 means no small file blocks are allocated in the special class. Add a special class vdev to the pool before setting this property.

Edit Datasets Screen

Use the Storage > Pools Edit Dataset screen to change setting for an existing dataset. The settings are identical to the Add Dataset screens above. to access the Edit Dataset screens, click the for a dataset and select Edit Options.

Dataset Edit Permissions Screen

Use the Storage > Pools Edit Permissions screen to change permissions settings for a parent dataset. To access the Edit Permissions screens, click the for a dataset and select Edit Options.

Setting	Description
Dataset Path	Displays the dataset path for the selected dataset.

Owner Settings

Setting	Description
User	Either type to search for or use dropdown list to select an existing user on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply User	Select to confirm selected user. As a check on errors, if not selected the user is not submitted.
Group	Either type to search for or use dropdown list to select an existing group on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply Group	Select to confirm selected group. As a check on errors, if not selected the group is not submitted.

Access Settings

Setting	Description
Access Mode	Select the Read, Write and Execute checkboxes for User, Group, and Other to set the permissions levels.

Advanced Settings

Setting	Description
Apply Permissions Recursively	Select to apply permissions recursively to all directories and files within the current dataset.
Traverse	Select to apply permissions recursively to all child datasets of the current dataset.

USE ACL Manager Screen

Click USE ACL MANAGER to open the ACL editor to further customize permissions. After selecting the Select a preset ACL radio buttons on the Create an ACL dialog, select a Default ACL Option from the dropdown list. Options are OPEN, Restricted or HOME. Or Create a custom ACL and then click CONTINUE to display the Edit ACL screen with the default permissions for the option you selected.

File Information Settings

Setting	Description
Path	Displays the dataset path for the selected dataset.
User	Either type to search for or use dropdown list to select an existing user on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply User	Select to confirm selected user. As a check on errors, if not selected the user is not submitted.
Group	Either type to search for or use dropdown list to select an existing group on the system that controls this dataset. Dropdown list displays all user on the TrueNAS system.
Apply Group	Select to confirm selected group. As a check on errors, if not selected the group is not submitted.

Access Control List Settings - owner@, group@ and everyone@

Setting	Description
Who	Select from the dropdown list of options. Default for each of the three groups of settings is owner@, group@ and everyone@ but you can change this to either of these additional options User or Group. Selection modifies values displayed in other settings.
ACL Type	Select either Allow or Deny from the dropdown list to specify how permissions apply to the value selected in Who. Select Allow to grant the specified permissions or Deny to restrict the specified permissions.
Permissions Type	Select either Basic or Advanced from the dropdown list. Basic shows general permissions. Advanced shows each specific type of permission for finer control.
Permissions	Select the permissions to apply to the selected value in Who. The list of permissions changes based on the value selected in Permissions Type. See Permissions for more information on permissions by permissions type (Basic and Advanced).
Flags Type	Select the set of ACE inheritance flags to display. Options are Basic or Advanced. If Basic non-specific inheritance options show in the list. If Advanced the dropdown list shows specific inheritance settings for finer control.
Flags	Select how this ACE applies to newly created directories and files within the dataset. If Flag Type is set to Basic options are Inherit or No Inherit. If Flag Type is set to Advanced flags are File Inherit, Directory Inherit, No Propagate Inherit, Inherit Only, or Inherited.

Use ADD ACL ITEM to add another set of the ACL permission settings.

Select Apply permissions recursively to apply the ACL settings recursively to all directories and files in the current dataset.

USE PERMISSIONS EDITOR opens the Edit Permissions screen.

User and Group Quota Screens

TrueNAS allows setting data or object quotas for user accounts and groups cached on or connected to the system. Go to Storage > Pools, find the desired dataset, and click to open the Dataset Actions menu and see the User Quota and Group Quota options.

User Quotas Screen

Clicking User Quotas from the Dataset Actions menu shows the User Quotas screen.

UserQuotasScreenNoQuotas

Setting	Description
Filter User Quotas	Enter a string to show saved quotas that match the string.
Columns	Displays options to customize the table view to add or remove information. Options are Select All, ID, Data Quota, DQ Used, DQ % Used, Object Quota, Objects Used, OQ % Used, and Reset to Defaults. After selecting Select All the option toggles to Unselect All.
Actions	Shows additional options to manage or add entries to this screen.

Actions

Setting	Description
Toggle Display	Changes the view between filter and list views. By default, only user accounts with a quota are shown (filter view). Switching to the list view shows all available users, even if the user has no quota assigned.
Set Quotas (Bulk)	Opens the Set User Quotas screen to add quotas.

User Expanded View

Click the expand_more icon to display a detailed individual user quota view.

UserQuotasRootUserExpanded

Click the edit Edit button to display the Edit User window.

Edit User Configuration Window

The Edit User window allows modifying individual user data and object quota values.

Settings	Description
User	Displays the name of the selected user.
User Data Quota (Examples: 500KiB, 500M, 2 TB)	Enter the amount of disk space the selected user can use. Entering 0 allows the user to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
User Object Quota	Enter the number of objects the selected user can own. Entering 0 allows unlimited objects.

Click Set Quota to save changes or Cancel to close the window without saving.

Set User Quotas Screen

Click Actions > Set Quotas (Bulk) to see the Set User Quotas screen.

SetUserQuotasScreen

Set Quotas Settings

Settings	Description
User Data Quota (Examples: 500KiB, 500M, 2 TB)	Enter the amount of disk space the selected user can use. Entering 0 allows the user to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
User Object Quota	Enter the number of objects the selected user can own. Entering 0 allows unlimited objects.

Apply Quotas to Selected Users Settings

Settings	Description
Select Users Cached by this System	Select the users from the dropdown list of options.
Search for Connected Users	Click in the field to see the list of users on the system or type a user name and press `Enter`. A clickable list displays of found matches as you type. Click on the user to add the name. A warning dialog displays if there are not matches found.

Click Submit to set the quotas or Cancel to exit without saving.

Group Quotas Screens

Clicking Group Quotas from the Dataset Actions menu shows the Edit Group Quotas screen.

EditGroupQuotasNoGroups

The Edit Group Quotas screen displays the names and quota data of any groups cached on or connected to the system.

Setting	Description
Filter Group Quotas	Enter a string to show saved quotas that match the string.
Columns	Displays options to customize the table view to add or remove information. Options are Select All, ID, Data Quota, DQ Used, DQ % Used, Object Quota, Objects Used, OQ % Used, and Reset to Defaults. After selecting Select All the option toggles to Unselect All.
Actions	Shows additional options to manage or add entries to this screen.

Actions

Setting	Description
Toggle Display	Changes the view between filter and list views. By default, only group accounts with a quota are shown (filter view). Switching to the list view shows all available groups, even if the group has no quota assigned.
Set Quotas (Bulk)	Opens the Set Group Quotas screen to add quotas.

Group Expanded View

Click the expand_more icon to display a detailed individual group quota view.

EditGroupQuotasExpandedView

Click the edit Edit button to display the Edit Group window.

Edit Group Configuration Window

The Edit Group window allows you to modify the group data quota and group object quota values for an individual group.

EditGroupQuotaWindow

Settings	Description
Group	Displays the name of the selected group(s).
Group Data Quota (Examples: 500KiB, 500M, 2 TB)	Enter the amount of disk space the selected group can use. Entering 0 allows the group to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
Group Object Quota	Enter the number of objects the selected group can own or use. Entering 0 allows unlimited objects.

Click Set Quota to save changes or Cancel to close the window without saving.

Set Group Quotas Screen

Click **Actions > Set Quotas (Bulk) ** to see the Set Group Quotas screen.

SetGroupQuotasScreen

Set Quotas Settings

Settings	Description
Group Data Quota (Examples: 500KiB, 500M, 2 TB)	Enter the amount of disk space the selected group can use. Entering 0 allows the group to use all disk space. You can enter human-readable values such as 50 GiB, 500M, 2 TB, etc.). If units are not specified, the value defaults to bytes.
Group Object Quota	Enter the number of objects the selected group can own or use. Entering 0 allows unlimited objects.

Apply Quotas to Selected Groups Settings

Settings	Description
Select Groups Cached by this System	Select the users from the dropdown list of options.
Search for Connected Groups	Click in the field to see the list of groups on the system or type a group name and press `Enter`. A clickable list displays of found matches as you type. Click on the group to add the name. A warning dialog displays if there are no matches found.

Click Submit to set the quotas or Cancel to exit without saving.

Zvols Screen

Use the Storage > Pools Add Zvol screen to add a zvol to a pool.

AddZvolAdvancedOptionScreen

Basic Options

Setting	Description
Zvol name	Enter a short name for the zvol. Using a zvol name longer than 63-characters can prevent accessing zvols as devices. For example, a zvol with a 70-character filename or path cannot be used as an iSCSI extent. This setting is required.
Comments	Enter any notes about this zvol.
Size for this zvol	Specify size and value. Units like t, TiB, and G can be used. The size of the zvol can be increased later, but cannot be reduced. If the size is more than 80% of the available capacity, the creation fails with an out of space error unless Force size is also selected.
Force size	Select to force the system to create a zvol that brings a pool to over 80% capacity (not recommended). By default, the system does not create a zvol if that operation brings the pool to over 80% capacity.
Sync	Select an option from the dropdown list that sets the data write synchronization. Inherit sets zvol to get sync settings from the parent dataset, Standard uses the sync settings requested by the client software, Always that waits for data writes to complete,or Disabled that never waits for writes to complete.
Compression level	Select a compression option from the dropdown list. Select Off to not compress data to save space. Refer to Compression for a description of the available algorithms.
ZFS Deduplication	Do not change this setting unless instructed to do so by your iXsystems support engineer.
Sparse	Select to provide thin provisioning. Use with caution as writes fail when the pool is low on space.
Read-only	Select an option from the dropdown list to set whether the zvol can be modified. Options are Inherit to get and use the parent pool or root dataset settings, On to prevent modifying the zvol, or Off to allow the zvol to be modified.
Inherit (Encryption Options)	Select to enable the zvol to use the encryption properties of the root dataset.

Selecting ADVANCED OPTIONS adds one additional setting.

Setting	Description
Block size	select the default Inherit or select from the other dropdown list options 4KiB, 8KiB, 16KiB, 32KiB, 64KiB or 128KiB. See Creating a Zvol for more information on these options and block sizes.

SUBMIT activates after all required fields are populated. Use to save settings.

Use CANCEL to exit without saving settings and display the Pools screen.

Snapshots Screens

Use the Storage > Snapshots screens to create and manage snapshots on your TrueNAS.

StorageSnapshotsScreen

Use the to display the Show Extra Columns dialog, and after clicking SHOW, the Snapshot screen changes to display the blue COLUMNS button with options to modify the table information. It also changes the individual snapshots listed to show the individual snapshot action options from the more_vert rather than the navigate_next expand symbol that, after clicking on it, expands the selected snapshot to show details with the action options on the bottom of the expanded view of the snapshot. To return to the previous display click the to display the Hide Extra Columns dialog, and after clicking HIDE, the blue COLUMNS button no longer displays and the list of snapshots displays the navigate_next expand symbol.

Use ADD to display the Snapshot > Add screen.

Snapshot Add Screen

AddSnapShotScreen

Name	Description
Dataset	Select a dataset or zvol from the dropdown list to use as the storage location for snapshots.
Name	Enter a unique name. This cannot be used with the value in Naming Schema
Naming Schema	Used to generate a name for the snapshot from a previously created periodic snapshot task. This allows replication of the snapshot. Value cannot be used with a value specified in Name.
Recursive	Select to include child datasets of the selected dataset.

Use SUBMIT to save settings. Use CANCEL to exit without saving and display the Snapshots screen.

Snapshot Details Screen

The expanded snapshot view includes the creation date, space used, and the amount of data accessible by this dataset.

StorageSnapshoExpandedtInfoScreen

Name	Icon	Description
Delete	delete	Displays a delete confirmation dialog. Select Confirm to activate the DELETE button.
Clone to New Dataset		Displays the Clone to New Dataset screen.
Rollback	restore	Displays the Dataset Rollback From Snapshot dialog.

Dataset Rollback from Snapshot Dialog

WARNING: Rolling the dataset back destroys data on the dataset and can destroy additional snapshots that are related to the dataset. This can result in permanent data loss! Do not roll back until all desired data and snapshots are backed up.

DatasetRollbackFromSnapshot

Name	Description
Stop Rollback if Snapshot Exists	Select the safety level for the rollback action. Select the radio button that best fits. Rollback is canceled when the safety check finds additional snapshots that are directly related to the dataset being rolled back.
Newer intermediate, Child, and clone	Select to stop rollback when the safety check finds any related intermediate, child dataset, or clone snapshots that are newer than the rollback snapshots.
Newer Clone	Select to stop rollback when the safety check finds any related clone snapshots that are newer than the rollback snapshot.
No Safety Check (CAUTION)	Select to stop rollback if snapshot exists. The rollback destroys any related intermediate, child dataset, and cloned snapshots that are newer than the rollback snapshot.
Confirm	Select to confirm the selection and activate the ROLLBACK button.

See Creating Snapshots for more information on creating and managing snapshots.

VMware-Snapshots Screen

Use Storage > VMware-Snapshots to add a VMWare snapshot that coordinates ZFS snapshots when using TrueNAS as a VMware datastore.

StorageVMwareSnapshotsAdd

Name	Description
Hostname	Enter the IP address or host name of the VMware host. When clustering, use the IP address or host name of the vCenter server for the cluster.
Username	Enter a user account name created on the VMware host. The account must have permission to snapshot virtual machines.
Password	Enter the password associated with the value in Username.
ZFS Filesystem	Select a file system to snapshot from the dropdown list. Values populate from the VMWare host response.
Datastore	Select an option from the dropdown list after entering the Hostname, Username, and Password, click FETCH DATASTORES to populate the menu. Select the datastore to synchronize. Selecting a datastore also select any previously mapped datasets.

Use FETCH DATASTORES to have TrueNAS connect to the VMware host.

Disks Screens

Use the Storage > Disks screen to add or manage disks in your TrueNAS.

StorageDisksScreen

Use the blue Columns button to display a list of options to modify the information displayed in the list of disks.

Use the arrow_forward_ios expand symbol to the right of any disk on the list to expand that disk to show settings and actions for that disk.

Disk Information Screen

The Disks individual disk information screen includes details about the disk settings and status. It also provides access to disk actions the user can take.

StorageDiskInformationScreen

Use EDIT to display the Edit Disk screen.

Use MANUAL TEST to display the Manual S.M.A.R.T. Tests dialog where you can specify the type of test as LONG, SHORT, CONVEYANCE or OFFLINE.

Use S.M.A.R.T. TEST RESULTS to display the results of any S.M.A.R.T. tests executed on the system.

Use WIPE to delete obsolete data off an unused disk. This option does not display unless your disk is unused. See Wiping a Disk for more information on how to use this function.

Edit Disk Screen

The settings on the Edit Disk are the same as those on the Add Disk screen.

StorageDisksEditScreen

Settings	Description
Name	Enter the FreeBSD disk device name. For example, ada0.
Serial	Enter the serial number for this disk.
Description	Enter notes or a description for this disk. For example, where it is located or what it is used for.
HDD Standby	Select the option from the dropdown list for the minutes of inactivity before the drive enters standby mode. Select from Always On or the minutes in a range from 5 to 330. See this forum post for information on identifying spun down drives. Temperature monitoring is disabled for standby disks.
Force HDD Standby	Select to allow the drive to enter standby, even when non-physical S.M.A.R.T. operations could prevent the drive from sleeping.
Advanced Power Management	Select an option from the dropdown list to select a power management profile from the menu. Options are Disabled, Level 1 - Minimum power usage with Standby (spindown), Level 64 - Intermediate power usage with Standby, Level 127 - Maximum power usage with Standby, Level 128 - Minimum with power usage without Standby (no spindown), Level 192 - Intermediate power usage without Standby, Level 254 - Maximum performance, maximum power usage.
Acoustic Level	Select the option from the dropdown list to modify disks that understand AAM Options are Disabled, Minimum, Medium or Maximum.
Enable S.M.A.R.T.	Select to enable allowing the system to conduct periodic S.M.A.R.T. tests.
S.M.A.R.T. extra opitons	Enter additional smartctl(8) options.
Critical	Enter a numeric value to set the threshold temperature in Celsius. If the drive temperature is higher than this value, a LOG_CRIT level log entry is created and an email i s sent. 0 disables this check.
Difference	Enter a value where the the system reports if the drive temperature changed by this many degrees Celsius since the last report. 0 disables the report.
Informational	Enter a value where the system reports if the drive temperature is at or above this temperature in Celsius. 0 disables this report.
SED Password	Use to set or change the password of this SED. This password is used insead of the global SED password.
Clear SED Password	Select to chear the SED password for this disk.

Use SAVE to save settings and return the Disks screen or use CANCEL to exit without saving.

Import Disk Screen

Use the Import Disk screen to perform a one time disk import, only one disk at a time, on you TrueNAS system.

StorageImportDiskScreen

Settings	Description
Disk	Select the disk to import from the dropdown list. The import copies the data from the selected disk to an existing ZFS dataset. Only one disk can be imported at a time. This is a required field.
Filesystem type	Select one radio button option to specity the file system type that is on the disk to import. Options are UFS, NTFS, MSDOSFS or EXT2FS.
Destination Path	Browse to locate the dataset on the TrueNAS that is to hold the copied data.

The SAVE button activates after required fields are populated.

See Import Disks for more information on importing a disk into your TrueNAS.

Directory Services

Directory Services Contents

Active Directory Screen: Use the AD screen to configure Active Directory (AD) on TrueNAS CORE.

Idmap Screen: Use the Idmap screen to configure Identity Mapping (Idmap) on TrueNAS CORE.

LDAP Screen: Use the LDAP screen to configure Lightweight Directory Access Protocol (LDAP) server settings on TrueNAS CORE.

NIS Screen: Use the NIS screen to configure Network Information System (NIS) on TrueNAS CORE.

Kerberos Screens: Use the Kerberos screen to configure to configure Kerberos realms and keytabs on TrueNAS CORE.

Active Directory Screen

The Active Directory (AD) service shares resources in a Windows network environment. Go to Directory Services > Active Directory to set up AD on TrueNAS. The first Active Directory screen is a list of basic options.

ActiveDirectoryScreen

Basic Options

ActiveDirectoryScreenBasicOptions

Name	Description
Domain Name	Enter the Active Directory domain (example.com) or child domain (sales.example.com). Required field.
Domain Account Name	Enter the Active Directory administrator account name. Required field.
Domain Account Password	Enter the password for the Active Directory administrator account. Required when configuring a domain for the first time. After initial configuration, the password is not needed to edit, start or stop the service.
Enable (requires password or Kerberos principle)	Enable the Active Directory services. Must enter the Domain Account Password when selecting this option for the first time.

Click ADVANCED OPTIONS to access extra options shown below.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available or visible in the permissions editors.

Advanced Options

ActiveDirectoryScreenAdvancedOptions

Name	Description
Verbose logging	Select to log attempts to join the domain to /var/log/messages.
Allow Trusted Domains	Selected if you do not want the username to include a domain name. Clear the checkbox to force the domain names to be prepended to usernames. One possible reason to not select this value is to prevent username collisions when this is selected and there are identical usernames across multiple domains.
Use Default Domain	Leave checkbox clear to prepend the domain name to the user name. When not selected prevents name collisions when Allow Trusted Domains is set and multiple domains use the same user name.
Allow DNS Updates	Select to enable Samba to do DNS updates when joining a domain.
Disable FreeNAS Cache	Select to disable caching AD users and groups. This can help when unable to bind to a domain with a large number of users or groups.
Restrict PAM	Select to restrict SSH access in certain circumstances. When selected only members of BUILTIN\Administrators have SSH access.
Site Name	Enter the relative distinguished name of the site object in the Active Directory.
Kerberos Realm	Select an existing realm added in Directory Services > Kerberos Realms.
Kerberos Principal	Select the location of the principal in the keytab. Keytab created in Directory Services > Kerberos Keytabs.
Computer Account OU	The organizational unit where new computer accounts get created. OU strings read from top to bottom without RDNs. Use slashes (/) as delimiters, like Computers/Servers/NAS. Use the backslash (\) to escape characters but not as a separator. Backslash interpretation takes place at many levels. Backslashes might need doubling or even quadrupling to take effect. When left blank, new computer accounts get created in the Active Directory default OU.
AD Timeout	Number of seconds before timeout. To view the AD connection status, open the interface Task Manager.
DNS Timeout	Number of seconds before a timeout. Increase this value if AD DNS queries time out.
Winbind NSS Info	Select the schema to use when querying AD for user/group info from the dropdown list. rfc2307 uses the schema support included in Windows 2003 R2. sfu is for Service For Unix 3.0 or 3.5. sfu20 is for Service For Unix 2.0.
Netbios Name	The Netbios name of this NAS is truenas. This name must differ from the Workgroup name and be no greater than 15 characters.
NetBIOS alias	Alternative names that SMB clients can use when connecting to this NAS. Can be no greater than 15 characters.
LEAVE DOMAIN	Disconnects the TrueNAS system from the Active Directory.

Click SAVE to save settings.

Click BASIC OPTIONS to return to the Active Directory display of basic options only.

Click EDIT IDMAP to navigate to the Directory Services > Idmap screen.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.

Idmap Screen

On a system running Unix or a Unix-like OS, Idmap acts as a translator. Windows Security Identifier (SID)s convert to a user ID (UID) and group ID (GID). Use the Identity Mapping (Idmap) screen to configure Idmap service on the TrueNAS.

Click Edit IDMAP on the Active Directory > Advanced Options screen. The Edit Idmap screen displays. It lists all domains configured on the TrueNAS.

DirectoryServicesldmapScreenn

You can customize the information displayed in the Idmap table. Click the blue COLUMNS button to display a dropdown list of options. A check mark next to the option name means the column is currently visible. Select from Unselect All, Backend, DNS Domain Name, Range Low, Range High, Certificate or Reset to Defaults.

Click ADD to open the Idmap Add screen. Enable Active Directory before attempting to add new domains.

Click the icon to display the options for each domain, Edit or Delete.

Idmap Settings

Name	Description
Idmap Backend	Select the plugin interface for Windbind to use from the dropdown list. Plugin interfaces for Windbind use varying backends. These backends store SID/uid/gid mapping tables. The correct setting depends on the NAS deployment environment.
Name	Enter the pre-Windows 2000 domain name or select from the dropdown list.
DNS Domain Name	Enter the DNS name of the domain.
Range Low	Determines the range of UID/GID numbers which this Idmap backend translates. External credentials like a Windows SID must map to a UID or GID number inside this range. Ignores external credentials outside this range.
Range High	Determines the range of UID/GID numbers which this Idmap backend translates. External credentials like a Windows SID must map to a UID or GID number inside this range. Ignores external credentials outside this range.
SSSD Compat	Select to generate Idmap low range based on same algorithm that SSSD uses by default.

Click SAVE to save settings and return to the Idmap screen.

Click CANCEL to exit without saving and return to the Idmap screen.

LDAP Screen

Lightweight Directory Access Protocol (LDAP) is an industry standard. Directory information services deployed over an Internet Protocol (IP) network can use LDAP. Configure LDAP server settings on your TrueNAS using the Directory Services > LDAP screen.

DirectoryServicesLDAPScreen

Click SAVE to save settings.

Click ADVANCED OPTIONS to display extra LDAP configuration options.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.

Basic Options

LDAPBasicOptions

Name	Description
Hostname	Enter the LDAP server host names or IP addresses. Separate entries with an empty space. To create an LDAP failover priority list, enter more than one host name or IP address. If a host does not respond, the system tries the next host on the list. This continues until the new connection succeeds.
Base DN	Top level of the LDAP directory tree to use when searching for resources. For example, dc=test,dc=org.
Bind DN	Enter an administrative account name on the LDAP server. For example, cn=Manager,dc=test,dc=org.
Bind Password	Enter the password for the administrative account in Bind DN.
Enable	Select to activate the configuration. Leave checkbox clear to disable the configuration without deleting it.

Advanced Options

LDAPAdvancedOptions

Name	Description
Allow Anonymous Binding	Select to disable authentication and allow read and write access to any client.
Kerberos Realm	Select an option configured on your system from the dropdown list.
Kerberos Principle	Select an option configured on your system from the dropdown list.
Encryption Mode	Select an encryption mode for the LDAP connection from the dropdown list. Select OFF to not encrypt the LDAP connection. Select ON to encrypt the LDAP connection with SSL on port 636. Select START_TLS to encrypt the LDAP connection with STARTTLS. This option uses the default LDAP port 389.
Certificate	A certificate is not required when using a username and password. A certificate is not required when using Kerberos authentication. Select a certificate added to your system from the dropdown list. The default option is freenas_default. Or add a new LDAP certificate-based authentication for the LDAP provider to sign. See Certificate Signing Requests for more information.
Validate Certificates	Select to validate the authenticity of the certificate.
Disable LDAP User/Group Cache	Select to disable caching LDAP users and groups in large LDAP environments. When disabled, LDAP users and groups do not display on dropdown lists. They are still accepted when typed into fields.
LDAP timeout	Default value is 10 seconds. Increase if Kerberos ticket queries are not responding within the default time.
DNS timout	Default value is 10 seconds. Increase if DNS queries take too long to respond.
Samba Schema (DEPRECATED - see help text)	Samba 4.13.0 deprecated Samba Schema. Select if SMB shares need LDAP authentication and the LDAP server is already configured with Samba attributes. If selected, specify the type of schema from the Schema dropdown list.
Auxiliary Parameters	Enter for nslcd.conf.
Schema	Select the Samba schema from the dropdown list. Options are RFC2307 or RFC2307BIS.

Click SAVE to save settings and return to the LDAP screen.

Click BASIC OPTIONS to return to the LDAP display of basic options only.

Click EDIT IDMAP to navigate to the Directory Services > Idmap screen.

NIS Screen

NIS is a client–server directory service protocol. Usage scenarios include the distribution of user and host names between networked computers. Use the Directory Services > NIS screen to configure Network Information Service on your TrueNAS.

NIS is limited in scalability and security. For modern networks, LDAP has replaced NIS.

DirectoryServicesNIS

Name	Description
NIS Domain	Enter a name and list any NIS domain host names or IP addresses. Press `Enter` to separate server entries.
NIS Servers	Enter a name and list any NIS server host names or IP addresses. Press `Enter` to separate server entries.
Secure Mode	Select to have ypbind(8) refuse to bind to any NIS server not running as root on a TCP port over 1024.
Manycast	Select for `ypbind` to bind to the fastest responding server.
Enable	Select to enable the configuration. Leave checkbox clear to disable the configuration without deleting it.

Click SAVE to save configuration settings.

Click REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync. Or if fewer users than expected are available in the permissions editors.

Kerberos Screens

Kerberos is an authentication protocol. It allows nodes on a network to perform identity checks in a secure manner. Kerberos uses realms and keytabs to authenticate clients and servers. Go to Directory Services > Kerberos to configure Kerberos. These screens configure Kerberos realms and keytabs on your TrueNAS.

KerberosRealmsScreen

Both Kerberos Realms and Kerberos Keytabs display a table of what is currently on the system.

Click the blue Columns button to display a list of options. These options customize the table display. This button is available for both the realms and keytabs screens.

Click ADD to display the settings screens for either realms or keytabs.

Select Kerberos Settings to open the settings screen but no table.

Kerberos Realms

Your network must contain a Key Distribution Center (KDC) to add a realm. A Kerberos realm is an authorized domain that a Kerberos server can use to authenticate a client. By default, TrueNAS creates a Kerberos realm for the local system.

Click ADD to create a realm on the TrueNAS. Click SUBMIT to save changes.

KerberosRealmAdvancedOptions

Basic Options

Name	Description
Realm	Enter a name for the realm.

Advanced Options

Name	Description
KDC	Enter the name of the Key Distribution Center. If there is more than one value separate the values by pressing `Enter`.
Admin Server	Define the server that performs all changes to the database. If there is more than one value separate the values by pressing `Enter`.
Password Server	Define the server that performs all password changes. If there is more than one value separate the values by pressing `Enter`.

Kerberos Keytabs

A keytab (key table) is a file that stores encryption keys for various authentication scenarios. Kerberos keytabs allow systems and clients to join an Active Directory or LDAP. Keytabs make it possible to join without entering a password.

After generating the keytab, use the Add Kerberos Keytab screen to add it to your TrueNAS.

KerberosKeytabAddScreen

Kerberos Keytab

Name	Description
Name	Enter a name for the keytab.
Choose File	Opens a file explorer window where you can locate and select the keytab file.

Click SUBMIT to save settings or CANCEL to exit without saving.

Kerberos Settings

Use the Directory Services > Kerberos Settings screen to enter any extra settings.

KerberosSettingsScreen

Name	Description
Appdefaults Auxiliary Parameters	Define any extra settings for use by some Kerberos applications. [appdefaults] section of krb.conf(5) lists the available settings and syntax.
Libdefaults Auxiliary Parameters	Define any settings used by the Kerberos library. [libdefaults] section of krb.conf(5) lists the available settings and their syntax.

Sharing

File sharing is a core benefit of a NAS. TrueNAS helps foster collaboration between users through network shares.
TrueNAS can use AFP, iSCSI shares, Unix NFS shares, Windows SMB shares, and WebDAV shares.

AFP Share Screen: Provides information about the AFP Share screen in TrueNAS CORE.

Block Shares (iSCSI): Provides information about iSCSI terminology and configuration for TrueNAS CORE.

iSCSI Shares: Describes how to configure iSCSI block share on TrueNAS CORE.

NFS Share Screen: Use the NFS share screen to configure Network File System (NFS) shares on your TrueNAS.

WebDAV Screen: Use the Sharing WebDAV screen to configure Web Distributed Authoring and Versioning (WebDAV) on your TrueNAS.

SMB Share Screen: Desctibes the SMB sharing screen in TrueNAS CORE

AFP Share Screen

Apple Filing Protocol (AFP) facilitates workgroup and Internet file sharing. It does this in a mixed-platform environment. Go to Sharing > AFP to set up an AFP share. Click ADD to edit AFP share settings.

AFP share creation is deprecated in CORE 13.0. A Recommendation dialog displays when accessing this screen and suggests sharing data with a different protocol.

Click CREATE AN SMB SHARE to display the SMB BASIC OPTIONS configuration screen.
Click CONTINUE WITH AFP SETUP to continue to the AFP > ADD BASIC OPTIONS configuration screen.

Sharing AFP Add

Click ADVANCED OPTIONS to display extra configuration settings. These configuration settings allow modifying the share Permissions and adding a Description. You can also specify any Auxiliary Parameters.

Sharing AFP Add Advanced

General Options

These settings display on the BASIC OPTIONS screen.

Name	Description
Path	Browse to the pool or dataset to share. Netatalk does not fully support nesting additional pools, datasets, or symbolic links beneath this path.
Name	The pool name that appears in the connect to server dialog of the computer. This is a required field.
Time Machine	Select to advertise TrueNAS as a Time Machine disk so Macs can find it. Configuring multiple shares for Time Machine use is not recommended. When multiple Macs share the same pool, low disk space issues and failed backups can occur.
Use as Home Share	Select to allow the share to host user home directories. Only one share can be the home share.
Enabled	Select to enable this AFP share. Clear checkmark to disable this AFP share without deleting it.

Permissions

These settings display on the BASIC OPTIONS screen and after clicking ADVANCED OPTIONS.

Name	Description
Default Umask	Umask used for newly created files. Default is 000. This means anyone can read, write, and execute.
File Permissions	Only works with Unix ACLs. New files created on the share are set with the selected permissions.
Directory Permissions	Only works with Unix ACLs. New directories created on the share are set with the selected permissions.
AFP3 Unix Privs	Select to enable Unix privileges supported by OSX 10.5 and higher. Do not enable this if the network contains Mac OSX 10.4 clients or lower as they do not support this feature. Only works with Unix ACLs.
Allow	Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry denies any user or group that is not specified.
Read Only	Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry denies any user or group that is not specified.
Allow Hosts	Allow host names or IP addresses to connect to the share. Click ADD to add multiple entries. If neither Allow Hosts or Deny Hosts contains an entry, then allow AFP share access for any host. If there is an entry in Allow Hosts list but none in Deny Hosts list, then only allow hosts on the Allow Hosts list. If there is a entry in Deny Hosts list but none in Allow Hosts list, then allow all hosts that are not on the Deny Hosts list. If there are entries in both Allow Hosts and Deny Hosts list, then allow all hosts that are on the Allow Hosts list. If there is a host not on the Allow Hosts and not on the Deny Hosts list, then allow it.
Deny	Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry allows any user or group that is not specified.
Read/Write	Comma-delimited list of allowed users and/or groups where groupname begins with a @. Note that adding an entry allows any user or group that is not specified.
Deny Hosts	Deny host names or IP addresses access to the share. Click ADD to add multiple entries. If neither Allow Hosts or Deny Hosts contains an entry, then allow AFP share access for any host. If there is an entry in Allow Hosts list but none in Deny Hosts list, then only allow hosts on the Allow Hosts list. If there is an entry in Deny Hosts list but none in Allow Hosts list, then allow all hosts that are not on the Deny Hosts list. If there are entries in both Allow Hosts and Deny Hosts list, then allow all hosts that are on the Allow Hosts list. If there is a host not on the Allow Hosts and not on the Deny Hosts list, then allow it.

Other Options

These settings display after clicking ADVANCED OPTIONS.

Name	Description
Descriptions	Optional description.
Zero Device Number	Select to enable when the device number is inconstant across a reboot.
No Stat	Select to allow AFP to not stat the pool path when enumerating the pools list. This is useful for automounting or pools created by a preexec script.
Auxiliary Parameters	Additional afp.conf parameters not covered by other option fields.

Click SUBMIT to save settings and create the share.

Click CANCEL to exit the Add screen without saving and return to the AFP screen.

To edit an existing AFP share, go to Sharing > Apple Shares (AFP) and click .

Block Shares (iSCSI)

Internet Small Computer Systems Interface (iSCSI) represents standards for using Internet-based protocols for linking binary data storage device aggregations. IBM and Cisco submitted the draft standards in March 2000. Since then, iSCSI has seen widespread adoption into enterprise IT environments.

iSCSI functions through encapsulation. The Open Systems Interconnection Model (OSI) encapsulates SCSI commands and storage data within the session stack. The OSI further encapsulates the session stack within the transport stack, the transport stack within the network stack, and the network stack within the data stack. Transmitting data this way permits block-level access to storage devices over LANs, WANs, and even the Internet itself (although performance may suffer if your data traffic is traversing the Internet).

The table below shows where iSCSI sits in the OSI network stack:

OSI Layer Number	OSI Layer Name	Activity as it relates to iSCSI
7	Application	An application tells the CPU that it needs to write data to non-volatile storage.
6	Presentation	OSI creates a SCSI command, SCSI response, or SCSI data payload to hold the application data and communicate it to non-volatile storage.
5	Session	Communication between the source and the destination devices begins. This communication establishes when the conversation starts, what it talks about, and when the conversion ends. This entire dialogue represents the session. OSI encapsulates the SCSI command, SCSI response, or SCSI data payload containing the application data within an iSCSI Protocol Data Unit (PDU).
4	Transport	OSI encapsulates the iSCSI PDU within a TCP segment.
3	Network	OSI encapsulates the TCP segment within an IP packet.
2	Data	OSI encapsulates the IP packet within the Ethernet frame.
1	Physical	The Ethernet frame transmits as bits (zeros and ones).

Unlike other sharing protocols on TrueNAS, an iSCSI share allows block sharing and file sharing. Block sharing provides the benefit of block-level access to data on the TrueNAS. iSCSI exports disk devices (zvols on TrueNAS) over a network that other iSCSI clients (initiators) can attach and mount.

iSCSI Terminology

Challenge-Handshake Authentication Protocol (CHAP): an authentication method that uses a shared secret and three-way authentication to determine if a system is authorized to access the storage device. It also periodically confirms that the session has not been hijacked by another system. In iSCSI, the client (initiator) performs the CHAP authentication.
Mutual CHAP: a CHAP type in which both ends of the communication authenticate to each other.
Internet Storage Name Service (iSNS): protocol for the automated discovery of iSCSI devices on a TCP/IP network.
Extent: the storage unit to be shared. It can either be a file or a device.
Portal: indicates which IP addresses and ports to listen on for connection requests.
Initiators and Targets: iSCSI introduces the concept of initiators and targets which act as sources and destinations respectively. iSCSI initiators and targets follow a client/server model. Below is a diagram of a typical iSCSI network. The TrueNAS storage array acts as the iSCSI target and can be accessed by many of the different iSCSI initiator types, including software and hardware-accelerated initiators.
The iSCSI protocol standards require that iSCSI initiators and targets is represented as iSCSI nodes. It also requires that each node is given a unique iSCSI name. To represent these unique nodes via their names, iSCSI requires the use of one of two naming conventions and formats, IQN or EUI. iSCSI also allows the use of iSCSI aliases which are not required to be unique and can help manage nodes.
Logical Unit Number (LUN): LUN represents a logical SCSI device. An initiator negotiates with a target to establish connectivity to a LUN. The result is an iSCSI connection that emulates a connection to a SCSI hard disk. Initiators treat iSCSI LUNs as if they were a raw SCSI or SATA hard drive. Rather than mounting remote directories, initiators format and directly manage filesystems on iSCSI LUNs. When configuring multiple iSCSI LUNs, create a new target for each LUN. Since iSCSI multiplexes a target with multiple LUNs over the same TCP connection, there can be TCP contention when more than one target accesses the same LUN. TrueNAS supports up to 1024 LUNs.
Jumbo Frames: Jumbo frames are the name given to Ethernet frames that exceed the default 1500 byte size. This parameter is typically referenced by the nomenclature as a maximum transmission unit (MTU). A MTU that exceeds the default 1500 bytes necessitates that all devices transmitting Ethernet frames between the source and destination support the specific jumbo frame MTU setting, which means that NICs, dependent hardware iSCSI, independent hardware iSCSI cards, ingress and egress Ethernet switch ports, and the NICs of the storage array must all support the same jumbo frame MTU value. So, how does one decide if they should use jumbo frames?
Administrative time is consumed configuring jumbo frames and troubleshooting if/when things go sideways. Some network switches might also have ASICs optimized for processing MTU 1500 frames while others might be optimized for larger frames. Systems administrators should also account for the impact on host CPU utilization. Although jumbo frames are designed to increase data throughput, it may measurably increase latency (as is the case with some un-optimized switch ASICs); latency is typically more important than throughput in a VMware environment. Some iSCSI applications might see a net benefit running jumbo frames despite possible increased latency. Systems administrators should test jumbo frames on their workload with lab infrastructure as much as possible before updating the MTU on their production network.

iSCSI Configuration Methods

There are a few different approaches for configuring and managing iSCSI-shared data:

TrueNAS CORE web interface: the TrueNAS web interface is fully capable of configuring iSCSI shares. This requires creating and populating zvol block devices with data, then setting up the iSCSI Share. TrueNAS Enterprise licensed customers also have additional options to configure the share with Fibre Channel.
TrueNAS SCALE web interface: TrueNAS SCALE offers a similar experience to TrueNAS CORE for managing data with iSCSI; create and populate the block storage, then configure the iSCSI share.

For more information on iSCSI shares also see:

iSCSI Shares: Describes how to configure iSCSI block share on TrueNAS CORE.

iSCSI Shares

Users can configure an iSCSI block share using either the wizard or the individual configuration screens. The wizard steps users through the configuration process in an ordered sequence. Using the seven tabs on the iSCSI screen allows users to configure settings in any order they choose (a manual process).

iSCSI Wizard Configuration Screens

The iSCSI Wizard configuration forms guide users through the process of setting up an iSCSI block share. Click WIZARD to display the first configuration screen.

Use Next to advance to the next wizard configuration form. Use Back to return to a previous wizard configuration form. Use Cancel to exit the configuration wizard.

Wizard Configuration Screens and Settings

Create or Choose Block Device Screen Settings

Create or Choose Block Device

Setting	Description
Name	Type a lower case alphanumeric character string that can include a dot (.), dash (-), or colon (:). Keep the string short and do not exceed 63 characters.
Extent Type	Choose either Device or File. If selecting Device use a zvol created for the share. If selecting File also select the path to the extent and include the file size.
Device	Required field. Create New or select from devices listed
Sharing Platform	Select from the options provided: VMware: extent block size 512b, TCP enabled, no Xen compat mode, SSD speed Xen: Extent block size 512b, TCP enabled, Xen compat mode enabled, SSD speed Legacy OS: Extent block size 512b, TCP enabled, no Xen compat mode, SSD speed Modern OS: Extent block size 4k, TCP enabled, no Xen compat mode, SSD speed Use Moderon OS for updated operating systems like Linux OS.

Portal Screen Settings

Portal

The Wizard Portal configuration form includes only the Portal field unless you select Create New on the dropdown list.

Setting	Description
Portal	Select either Create New or an existing portal from the dropdown list. Selecting Create New displays the Discovery Authentication Method, Discovery Authentication Group, IP Address and Port fields.
Discovery Authentication Method	Required if creating a new portal. Select either NONE, CHAP or Mutual CHAP from the dropdown list. If NONE you can leave Discovery Authentication Group set to NONE as well.
Discovery Authentication Group	Required if the discovery authentication method is set to CHAP or MUTUAL CHAP. Select either NONE or Create New on the dropdown list. If Discovery Authentication Method is set to NONE you can select NONE here but if Discovery Authentication Method is set to CHAP or MUTUAL CHAP select CREATE NEW. This displays the Group ID, User, Secret and Secret (Confirm) configuration fields.
Group ID	Displays after selecting Create New in the Discovery Authentication Group field. Group IDs allow you to configure different groups with different authentication profiles. For example, all users with a group ID of 1 inherits the authentication profile associated with group 1. Type a number for the group ID.
User	Displays after selecting Create New in for the discovery authentication group. Type the name of the user account to create for the CHAP authentication with the user on the remote system. For example, you could use the initiator name as the user name.
Secret	Displays after selecting Create New as the discovery authentication group. Type a user password of at least 12 but no more than 16 characters.
Secret (Confirm)	Displays after selecting Create New as the discovery authentication group. Retype the user password entered into the Secret field. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
IP Address	Select the IP address from the dropdown list. This is the IP address to list on the portal. Click ADD to add more IP addresses if desired or necessary. Click DELETE to remove any IP addresses and ports you added after clicking ADD. Use 0.0.0.0 to listen on all IPv4 addresses or use :: to listen on all IPv6 IP addresses.
Port	Type the TCP port used to access the iSCSI target. The default port is 3260.
ADD	Saves the selected IP address and allows the user to add another IP address. New IP address and port entry fields includes the DELETE button allows you to remove the new entry if necessary.
DELETE	Displays after clicking ADD. Removes the new IP address and port line created after clicking ADD.

Initiator Screen Settings

Initiator

Setting	Description
Initiators	Leave blank to allow all host names or to enter a list of initiator host names. Use the keyboard `Enter` after entering each host name to save.
Authorized Networks	Network addresses allowed to use this initiator. Leave blank to allow all networks or list all network addresses with a CIDR mask. Separate each entry with the keyboard `Enter`.

Confirm Options Screen Settings

Confirm Options Form

Use Back to return to a previous configuration form to make any changes on that form. Use SUBMIT to save the settings and the new iSCSI share.

Manual Setup Screens

The manual configuration screens allow you to add or edit an iSCSI block share. There are seven configuration screens accessed from tabs at the top of the iSCSI screen. Unlike the wizard configuration option, you can move from one screen to another in any sequence.

Manual Configuration Screens and Settings

Target Global Configuration Tab

The Target Global Configuration screen allows user to add or edit global configuration settings that apply to all iSCSI shares.

Setting	Description
Base Name	Lowercase alphanumeric characters plus dot (.), dash (-), and colon (:) are allowed. See the “Constructing iSCSI names using the iqn.format” section of RFC3721.
ISNS Servers	Host names or IP addresses of the ISNS servers to register with the iSCSI targets and portals of the system. Use keyboard `Enter`. to separate entries.
Pool Available Space Threshold (%)	Generates an alert when the pool has this percent space remaining. It is typical to configure this at the pool level when using zvols or at the extent level for both file and device-based extents.

Click SAVE before leaving the global configuration settings screen.

Portals Tab

The Portals screen displays a list of configured portals. It lets users create new portals or edit the existing ones in the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Portals table. Select from Unselect All, Listen, Description, Discovery Auth Method, Discover Auth Group or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Portals Add configuration form. Click the icon for the portal and select Edit to display the Portal Edit configuration form. Both the Add and Edit forms have the same settings fields.

Basic Info

Setting	Description
Description	Optional description. Portals are automatically assigned a numeric group.

Authentication Method and Group

Setting	Description
Discovery Authentication Method	iSCSI supports multiple authentication methods that the target uses to discover valid devices. None allows anonymous discovery while CHAP and Mutual CHAP require authentication.
Discovery Authentication Group	Group ID created in Authorized Access. Required when the discovery authentication method is CHAP or Mutual CHAP.

IP Address

Setting	Description
IP Address	Select the IP addresses the portal uses to listened on. Click ADD to add IP addresses with a different network port. 0.0.0.0 listens on all IPv4 addresses and :: listens on all IPv6 addresses.
Port	TCP port used to access the iSCSI target. Default is 3260.
ADD	Adds another IP address row.

Initiators Groups Tab

The Initiators Groups screen displays a lis of configured initiators. It lets users create new authorized access client groups or edit existing ones on the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Initiator Groups table. Select from Unselect All, Initiators, Authorized Networks, Description or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Initiators Add configuration screen. Click the icon for the initiator and select Edit to display the Initiators Edit configuration form. Both the Add and Edit forms have the same settings fields.

Setting	Description
Connected Initiators	Initiators currently connected to the system, displayed in the IQN format with an IP address. Set initiators and click an to add the initiators to either the Allowed Initiators or Authorized Networks lists. Click Refresh to update the list of connected initiators.
Allow All Initiators	Allows all initiators when selected. If not selected, configure your own allowed initiators and authorized networks.
Allowed Initiators (IQN)	Initiators allowed access to this system. Enter an iSCSI Qualified Name (IQN) and click the to add it to the list. Example: iqn.1994-09.org.freebsd:freenas.local.
Authorized Networks	Network addresses allowed use this initiator. Each address can include an optional CIDR netmask. Click to add the network address to the list. Example: 192.168.2.0/24.
Description	Enter any notes about initiators.
REFRESH	Refreshes the list displayed in Connected Initiators.
SAVE	Saves changes made on the Add or Edit initiator screens.
CANCEL	Discards changes made on and closes the Add or Edit initiator screens.

Authorized Access Tab

The Authorized Access screen displays a list of authorized access networks. It lets users create new authorized access networks or edit existing ones in the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Initiator Groups table. Select from Unselect All, User, Peer User or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Authorized Access Add configuration screen. Click the icon for the authorized access and select Edit to display the Authorized Access Edit configuration form. Both the Add and Edit forms have the same settings fields.

Group

Setting	Description
Group ID	Allow you to configure different groups with different authentication profiles. For example, all users with a group ID of 1 inherit the authentication profile associated with Group 1.

User

Setting	Description
User	User account to create for CHAP authentication with the user on the remote system. Many initiators use the initiator name as the user name.
Secret	User password of at least 12 but no more than 16 characters. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
Secret (Confirm)	Confirm the user password.

Peer User

Setting	Description
Peer User	Only entered when configuring mutual CHAP. Usually the same value as User.
Peer Secret	Mutual secret password. Required when Peer User is set up. Must be different than the password used in Secret. Click the icon to display the characters you typed to verify you typed the desired password string. Click to hide the password string.
Peer Secret (Confirm)	Confirm the mutual secret password.

Targets Tab

The Targets screen displays a list of storage resources configured in the system. It lets users create new TrueNAS storage resources or edit existing ones in the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Targets table. Select from Unselect All, Target Alias or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Targets Add configuration screen. Click the icon for the target and select Edit to display the Targets Edit configuration form. Both the Add and Edit forms have the same settings fields.

Basic Info

Setting	Description
Target Name	The base name for the target. It is automatically prepended if the target name does not start with iqn. Allowed characters are lowercase alphanumeric characters plus dot (.), dash (-), and colon (:). See the “Constructing iSCSI names using the iqn.format” section of RFC3721.
Target Alias	Optional user-friendly name for the Target Name.

iSCSI Group

Setting	Description
Portal Group ID	Leave empty or select an existing portal to use. If you click the dropdown arrow, you must select a portal group ID from the list.
Initiator Group ID	Select the existing initiator group that has access to the target. Leave empty if Portal Group ID is empty.
Authentication Method	Select None, CHAP, or Mutual CHAP.
Authentication Group Number	Select None or an integer. This value represents the number of existing authorized accesses.

Extents Tab

The Extents screen displays a list of available shared storage units configured on the system. It lets users create new shared storage units or edit existing ones in the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Extents table. Select from Unselect All, Description, Serial, NAA, Enabled or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Extents Add configuration screen. Click the icon for the shared storage unit and select Edit to display the Extents Edit configuration form. Both the Add and Edit forms have the same settings fields.

Basic Info

Setting	Description
Name	Name of the extent. An extent with a size of zero can be an existing file within the pool or dataset. An extent with a size other than zero cannot be an existing file within the pool or dataset.
Description	Type any notes about this extent.
Enabled	Select to enable the iSCSI extent.

Type

Setting	Description
Extent Type	Specify the storage unit type. Select Device or File from the dropdown list. Device provides virtual storage access to zvols, zvol snapshots, or physical devices. File provides virtual storage access to a single file.
Device	Only displays only if Device is the selected in Extent Type. Select the unformatted disk, controller, or zvol snapshot.
Path to the Extent	Only displays if the Extent Type is set to File. Browse to an existing file. Create a new file by browsing to a dataset and appending /{filename.ext} to the path. Users cannot create extents inside a jail root directory.
Filesize	Only displays if the Extent Type is set to File. Enter 0 to use the actual file size and it requires that the file already exists. Otherwise, specify the file size for the new file.
Logical Block Size	Leave at the default of 512 unless the initiator requires a different block size. Select from 512, 1024, 2048 or 4096 on the dropdown list.
Disable Physical Block Size Reporting	Select if the initiator does not support physical block size values over 4K (MS SQL).

Compatibility

Setting	Description
Enable TPC	Select to allow an initiator to bypass normal access control and access any scannable target. This allows xcopy operations that are otherwise blocked by access control.
Xen initiator compat mode	Select when using Xen as the iSCSI initiator.
LUN RPM	Do not change this setting when using Windows as the initiator! Only change the default SSD setting if in a large environment where you need a number of systems using a specific RPM for accurate reporting statistics. Options are SSD, 5400, 7200, 10000 or 15000.
Read-only	Select to prevent the initiator from initializing this LUN.

Associated Targets Tab

The Associated Targets screen displays a list of associated TrueNAS storage resources configured on the system. It lets users create new associated TrueNAS storage resources or edit existing ones in the list. Use the blue Columns dropdown list to display a list of available options to add or remove columns in the Associated Targets table. Select from Unselect All, LUN ID, Extent or Reset to Defaults to reverse any changes you made to the table.

Use ADD to display the Associated Targets Add configuration screen. Click the icon for the associated TrueNAS storage resource and select Edit to display the Associated Targets Edit configuration form. Both the Add and Edit forms have the same settings fields.

Setting	Description
Target	Select an existing target. This is a required field.
LUN ID	Select the value or enter a value between 0 and 1023. Some initiators expect a value below 256. Leave this field blank to automatically assign the next available ID.
Extent	Select an existing extent. This is a required field.

NFS Share Screen

Unix and Unix-like operating systems often use the Network File System (NFS) protocol. NFS shares data across a network as part of a distributed file system. Go to Sharing > Unix Shares (NFS) to access the NFS screen to create a Network File System (NFS) share on TrueNAS.

NFSScreen

Click COLUMNS to change the NSF table view. Options include Unselect All, Description, Enabled or Reset to Defaults.

Click ADD to open the BASIC OPTIONS configuration screen.

NFSBasicOptionsScreen

Name	Description
Path	Type or browse to the full path to the pool or dataset to share. Click ADD to add another Path setting field. Repeat to configure multiple paths.
Description	Enter any notes or reminders about the share.
All dirs	Select checkbox to allow the client to mount any subdirectory within the Path. Clear to only allow clients to mount the Path endpoint.
Quiet	Select to suppress some syslog diagnostics to avoid error messages. See exports(5) for examples. Clear checkbox to allow all syslog diagnostics. This can lead to additional cosmetic error messages.
Enabled	Select checkbox to enable this NFS share. Clear checkbox to disable this NFS share without deleting the configuration.

Click ADVANCED OPTIONS to display extra settings. These settings allow tuning the share access permissions and defining authorized networks.

NFSAdvancedOptionsScreen

Access Settings

Name	Description
Read Only	Select checkbox to prohibit writing to the share. Clear checkbox to allow writing to the share.
Maproot User	Enter a new string or select a user to apply that user permissions to the root user. Dropdown list displays a list of all users on the system.
Maproot Group	Enter a new string or select a group to apply that group permissions to the root user. Dropdown list displays a list of all groups on the system.
Mapall User	Enter a new string or select a user to apply permissions for the chosen user to all clients.
Mapall Group	Enter a new string or select a group to apply permissions for the chosen group to all clients.
Authorized Networks	Enter an allowed network in network/mask CIDR notation. Click ADD to define another authorized network. Defining an authorized network restricts access to all other networks. Leave empty to allow all networks.
Authorized Hosts and IP addresses	Enter a host name or IP address to allow that system access to the NFS share. Click ADD to define another allowed system. Defining authorized systems restricts access to all other systems. Leave field empty to allow all systems access to the share.

Click SUBMIT to save NFS share settings.

Click CANCEL to exit without saving and return to the NFS Shares screen.

To edit an existing NFS share click the for the share and select Edit. The options available are identical to the ADD share setting options.

WebDAV Screen

Web Distributed Authoring and Versioning (WebDAV) is an extension of HTTP. It is a protocol designed to help with web content authoring and management. Use the Sharing WebDAV screen to configure WebDAV on your TrueNAS.

WebDAVShareScreen

Click COLUMNS to change the columns displayed in the table. Options are Select All, Description, Path, Enabled, Read Only, Change User and Group Owners or Reset to Defaults.

Click ADD to open the WebDAV configuration screen.

WebDAVAddScreen

Name	Description
Name	Enter a name for the share.
Description	Optional.
Path	Browse to the pool or dataset to share.
Read Only	Select to prohibit users from writing to this share.
Change User & Group Ownership	Change existing ownership of all files in the share to user webdav and group webdav. Clearing the check mark means you must manually set ownership of the files accessed through WebDAV to the webdav or www user/group.
Enabled	Select to enable this WebDAV share. Leave checkbox clear to disable this WebDAV share without deleting it.

SMB Share Screen

Server Message Block (SMB) is a file sharing protocol. Windows and other operating systems use SMB.

Go to Sharing > Windows Shares (SMB) to display the SMB screen and setup SMB shares on your TrueNAS.

SharingSMBScreen

Click Columns to change the information displayed in the table. Options are Unselect All, Path, Description, Enabled and Reset to Defaults.

Click Add to display the BASIC Options settings screen.

Basic Options

SharingSMBBasicOptions

Name	Description
Path	Use the file browser or click the /mnt to select the pool, dataset or directory to share.
Name	Enter a name for the SMB share.
Purpose	Select a preset purpose configuration. This locks in predetermined values for the share. This includes Advanced Options, as well as the Path Suffix. Select from the dropdown list. Options are: No presets Default share parameters Multi-user time machine Multi-protocol (AFP/SMB) shares Multi-protocol (NFSv3/SMB) shares Private SMB Datasets and Shares SMB WORM. Files become readonly via SMB after 5 minutes. Note: The SMB WORM preset only impacts writes over the SMB protocol. Prior to deploying this option in a production environment the user needs to determine whether the feature meets his / her requirements. See “What do all the presets do?” for more information on presets.
Description	Optional. Explains the purpose of the share.
Enabled	Select to enable this SMB share. Clear checkbox to disable the share without deleting the configuration.

What do all the presets do?

The following table shows the preset options for the different Purposes and if those options are locked. An [x] indicates the option is enabled, [ ] means the option is disabled, and [text] indicates a specific value:

Default share parameters	Multi-user time machine	Multi-protocol (AFP/SMB) shares	Multi-protocol (NFSv3/SMB) shares	Private SMB Datasets and Shares	Files become readonly of SMB after 5 minutes
[x] Enable ACL (locked)	[x] Enable ACL (unlocked)	[x] Enable ACL (locked)	[ ] Enable ACL (locked)	[ ] Enable ACL (unlocked)	[ ] Enable ACL (unlocked)
[ ] Export Read Only (locked)	[ ] Export Read Only (unlocked)	[ ] Export Read Only (unlocked)	[ ] Export Read Only (unlocked)	[ ] Export Read Only (unlocked)	[ ] Export Read Only (unlocked)
[x] Browsable to Network Clients (locked)	[x] Browsable to Network Clients (unlocked)	[x] Browsable to Network Clients (unlocked)	[x] Browsable to Network Clients (unlocked)	[x] Browsable to Network Clients (unlocked)	[x] Browsable to Network Clients (unlocked)
[ ] Allow Guest Access (unlocked)	[ ] Allow Guest Access (unlocked)	[ ] Allow Guest Access (unlocked)	[ ] Allow Guest Access (unlocked)	[ ] Allow Guest Access (unlocked)	[ ] Allow Guest Access (unlocked)
[ ] Access Based Share Enumeration (locked)	[ ] Access Based Share Enumeration (unlocked)	[ ] Access Based Share Enumeration (unlocked)	[ ] Access Based Share Enumeration (unlocked)	[ ] Access Based Share Enumeration (unlocked)	[ ] Access Based Share Enumeration (unlocked)
[ ] Hosts Allow (locked)	[ ] Hosts Allow (unlocked)	[ ] Hosts Allow (unlocked)	[ ] Hosts Allow (unlocked)	[ ] Hosts Allow (unlocked)	[ ] Hosts Allow (unlocked)
[ ] Hosts Deny (locked)	[ ] Hosts Deny (unlocked)	[ ] Hosts Deny (unlocked)	[ ] Hosts Deny (unlocked)	[ ] Hosts Deny (unlocked)	[ ] Hosts Deny (unlocked)
[ ] Use as Home Share (locked)	[ ] Use as Home Share (unlocked)	[ ] Use as Home Share (unlocked)	[ ] Use as Home Share (unlocked)	[ ] Use as Home Share (unlocked)	[ ] Use as Home Share (unlocked)
[ ] Time Machine (locked)	[ ] Time Machine (unlocked)	[ ] Time Machine (unlocked)	[ ] Time Machine (unlocked)	[ ] Time Machine (unlocked)	[ ] Time Machine (unlocked)
[x] Enable Shadow Copies (locked)	[x] Enable Shadow Copies (unlocked)	[x] Enable Shadow Copies (unlocked)	[x] Enable Shadow Copies (unlocked)	[x] Enable Shadow Copies (unlocked)	[x] Enable Shadow Copies (unlocked)
[ ] Export Recycle Bin (locked)	[ ] Export Recycle Bin (unlocked)	[ ] Export Recycle Bin (unlocked)	[ ] Export Recycle Bin (unlocked)	[ ] Export Recycle Bin (unlocked)	[ ] Export Recycle Bin (unlocked)
[ ] Use Apple-style Character Encoding (locked)	[ ] Use Apple-style Character Encoding (unlocked)	[x] Use Apple-style Character Encoding (locked)	[x] Use Apple-style Character Encoding (unlocked)	[x] Use Apple-style Character Encoding (unlocked)	[x] Use Apple-style Character Encoding (unlocked)
[x] Enable Alternate Data Streams (locked)	[x] Enable Alternate Data Streams (unlocked)	[x] Enable Alternate Data Streams (locked)	[ ] Enable Alternate Data Streams (locked)	[ ] Enable Alternate Data Streams (unlocked)	[ ] Enable Alternate Data Streams (unlocked)
[x] Enable SMB2/3 Durable Handles (locked)	[x] Enable SMB2/3 Durable Handles (unlocked)	[ ] Enable SMB2/3 Durable Handles (locked)	[ ] Enable SMB2/3 Durable Handles (locked)	[ ] Enable SMB2/3 Durable Handles (unlocked)	[ ] Enable SMB2/3 Durable Handles (unlocked)
[ ] Enable FSRVP (locked)	[ ] Enable FSRVP (unlocked)	[ ] Enable FSRVP (locked)	[ ] Enable FSRVP (unlocked)	[ ] Enable FSRVP (unlocked)	[ ] Enable FSRVP (unlocked)
[ ] Path Suffix (locked)	[%U] Path Suffix (locked)	[%U] Path Suffix (unlocked)	[%U] Path Suffix (unlocked)	[%U] Path Suffix (locked)	[ ] Path Suffix (locked)
[ ] Auxiliary Parameters (unlocked)	[ ] Auxiliary Parameters (unlocked)	[ ] Auxiliary Parameters (unlocked)	[ ] Auxiliary Parameters (unlocked)	[ ] Auxiliary Parameters (unlocked)	[ ] Auxiliary Parameters (unlocked)

Advanced Options

SharingSMBAdvancedOptions

Access and Other Options are the two options groups. Access settings allow systems or users to access or change the shared data.

Name	Description
Enable ACL	Select to add Access Control List (ACL) support to the share. Leave checkbox clear to disable ACL support and delete any existing ACL for the share.
Export Read Only	Select to prohibit writes to the share. Leave checkbox clear to allow writes to the share.
Browsable to Network Clients	Select to include this share name when browsing shares. Home shares are only visible to the owner regardless of this setting.
Allow Guest Access	Select to make privileges the same as the guest account. Windows 10 version 1709 and Windows Server version 1903 have disabled guest access. Guest access for these clients requires extra client-side configuration. MacOS clients: Trying to connect as a user that does not exist in TrueNAS does not default to the guest account. The Connect As: Guest option must be specifically chosen in MacOS to log in as the guest account. See the Apple documentation for more details.
Access Based Share Enumeration	Select to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.
Hosts Allow	Enter a list of allowed host names or IP addresses. Separate entries by pressing `Enter`. A more detailed description with examples see here.
Hosts Deny	Enter a list of denied host names or IP addresses. Separate entries by pressing `Enter`.

Host Allow and Hosts Deny Fields

The Hosts Allow and Hosts Deny fields set up different access scenarios:

If neither Hosts Allow or Hosts Deny contain an entry, then allow SMB share access for any host.
If there is an entry in Hosts Allow list but none in Hosts Deny list, then only allow hosts on the Hosts Allow list.
If there is an entry in Hosts Deny list but none in Hosts Allow list, then allow all hosts that are not on the Hosts Deny list.
If there are both an entry in Hosts Allow and Hosts Deny list, then allow all hosts that are on the Hosts Allow list. If there is a host not on the Hosts Allow and not on the Hosts Deny list, then allow it.

The Other Options have settings for improving Apple software compatibility. There are also ZFS snapshot features, and other advanced features.

Name	Description
Use as Home Share	Select to allow the share to host user home directories. Gives each user a personal home directory when connecting to the share. This personal home directory is not accessible by other users. This allows for a personal, dynamic share. It is only possible to use one share as the home share. See the configuring Home Share article for detailed instructions.
Time Machine	Select to enable Apple Time Machine backups on this share.
Enable Shadow Copies	Select to allow export ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients.
Export Recycle Bin	When selected, moves files deleted from the same dataset to a recycle bin located in that dataset. These files do not take any extra space.
Use Apple-style Character Encoding	Select to convert NTFS illegal characters in the same manner as MacOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters.
Enable Alternate Data Streams	Select to allow multiple NTFS data streams. Disabling this option causes MacOS to write streams to files on the file system.
Enable SMB2/3 Durable Handles	Select to allow using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. This option is not recommended when configuring multi-protocol or local access to files.
Enable FSRVP	Select to enable support for the File Server Remote VSS Protocol (FSVRP). This protocol allows Remote Procedure Call (RPC) clients to manage snapshots for a specific SMB share. The share path must be a dataset mountpoint. Snapshots have the prefix `fss-` followed by a snapshot creation timestamp. A snapshot must have this prefix for an RPC user to delete it.
Path Suffix	Appends a suffix to the share connection path. This provides unique shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connectpath must be preset before a client connects.
Auxiliary Parameters	Additional smb.conf settings.

Click Submit to save setings. This creates the share and adds it to the Sharing > Windows Shares (SMB) list.

Click CANCEL to exit without saving and return to the main SMB screen.

Services

The Services screen lists all services available on the TrueNAS.

Activate or configure a service on the Services page.

ServicesScreen

Use the right slider to scroll down to the bottom of the list of services or click on page 2, or the or arrows.

To locate a service, type in the Filter Search field to narrow down the list of services.

Select Start Automatically for configured services that need to start after the system boots.

Click the toggle to start or stop the service, depending on the current state. Hover the mouse over the toggle to see the current state of that service. The toggle turns blue when it is running.

Click the icon to display the settings screen for a service.

Sharing provides documentation for services related to data sharing. Tasks provides documentation for services related to automated tasks.

Services Contents

AFP Screen: Describes the AFP screen in TrueNAS CORE.

Dynamic DNS Screen: Describes the DDNS screen in TrueNAS CORE.

FTP Screen: Describes the FTP screen in TrueNAS CORE.

LLDP Screen: Describes the LLDP screen in TrueNAS CORE.

NFS Screen: Describes the NFS screen in TrueNAS CORE.

OpenVPN Screen: Describes the OpenVPN screen in TrueNAS CORE.

S.M.A.R.T. Screen: Describes the S.M.A.R.T. screen in TrueNAS CORE.

S3 Screen (deprecated): Describes the S3 screen in TrueNAS CORE. This service is deprecated.

SMB Service Screen: Describes the SMB screen in TrueNAS CORE.

SNMP Screen: Describes the SNMP screen in TrueNAS CORE.

SSH Screen: Describes the SSH screen in TrueNAS CORE.

TFTP Screen: Describes the TFTP screen in TrueNAS CORE.

UPS Screen: Describes the UPS screen in TrueNAS CORE.

WebDAV Services Screen: Describes the WebDAV screen in TrueNAS CORE.

AFP Screen

The Apple Filing Protocol (AFP) is a network protocol that allows file sharing over a network. It is like SMB and NFS, but it is for Apple systems.

Apple began using the SMB sharing protocol as the default option for file sharing in 2013. At that time Apple ceased development of the AFP sharing protocol. The recommendation is to use SMB sharing instead of AFP. AFP sharing is still used if files are being shared with legacy Apple products. Please see https://en.wikipedia.org/wiki/Apple_Filing_Protocol and https://appleinsider.com/articles/13/06/11/apple-shifts-from-afp-file-sharing-to-smb2-in-os-x-109-mavericks

Use the Services AFP screen to configure Apple Filing Protocol (AFP) service on your TrueNAS.

Services AFP Edit

Click SAVE to save settings.

Click CANCEL to exit without saving and return to the Services screen.

General Option

Name	Description
Database Path	The database information stored in the path. If the pool has read-only status, the path must still be writable.

Access

Name	Description
Guest Account	Select an account to use for guest access. This account must have permissions to the shared pool or dataset. Any client connecting to the guest service has the privileges of the guest account user. This user must exist in the password file, but does not need a valid login. Root user cannot be the guest account.
Guest Access	Select to disable the password prompt that displays before clients access AFP shares.
Max Connections	Maximum number of simultaneous connections permitted via AFP. The default limit is 50.
Chmod Request	Indicates how to handle access control lists. Select Ignore to disregard requests. Selecting Ignore also gives the parent directory ACL inheritance full control over new items. Select Preserve to preserve ZFS ACEs for named users and groups or the POSIX ACL group mask. Select Simple to configure chmod() as requested without any extra steps.
Map ACLs	Maps permissions for authenticated users. Select Rights (default, Unix-style permissions), None, or Mode (ACLs).

Other Options

Name	Description
Log Level	Record AFP service messages up to the specified log level in the system log. The system logs severe and warning level messages by default.
Bind Interfaces	Specify the IP addresses to listen for AFP connections. Leave blank to bind to all available IPs. If no IP addresses specified, advertise the first IP address of the system. If no IP addresses specified, listen for any incoming request.
Global Auxiliary	Additional afp.conf(5) parameters.

Dynamic DNS Screen

ISPs often change the IP address of the system. With Dynamic Domain Name Service (DDNS) the current IP address continues to point to a domain name. This provides uninterrupted access to TrueNAS.

ServicesDynamicDNSOptions

General Options

Name	Description
Provider	Select the provider from the dropdown list of supported providers. If a specific provider is not listed, select Custom Provider. Enter the information in the Custom Server and Custom Path fields.
Custom Server	Displays after selecting Custom Provider in the Provider field. Enter the DDNS server name. For example, members.dyndns.org denotes a server like dyndns.org.
Custom Path	Displays after selecting Custom Provider in the Provider field. Enter the DDNS server path. Path syntax can vary by provider. Obtain path syntax from that provider. For example, /update?hostname= is a simple path for the update.twodns.de custom sever. The host name is automatically appended by default. For more examples see In-A-Dyn documentation.
CheckIP-Server SSL	Use HTTPS for the connection to the CheckIP Server.
CheckIP Server	Name and port of the server that reports the external IP address. For example, entering checkip.dyndns.org:80 uses Dyn IP detection to discover the remote socket IP address.
CheckIP Path	Path to the CheckIP server. For example, no-ip.com uses a CheckIP Server of dynamic.zoneedit.com and CheckIP Path of /checkip.html.
SSL	Use HTTPS for the connection to the server that updates the DNS record.
Domain Name	Fully qualified domain name of the host with the dynamic IP address. Separate multiple domains with a space, comma (,), or semicolon (;). For example, myname.dyndns.org; myothername.dyndns.org.
Update Period	How often the IP is checked in seconds.

Credentials

Name	Description
Username	User name for logging in to the provider and updating the record.
Password	Password for logging in to the provider and updating the record.

The SAVE button activates after you enter your domain name in Domain Name. Click to save all settings.

After configuring your DDNS service, turn the service on using the Services screen.

FTP Screen

File Transfer Protocol (FTP) is a communication protocol. It transfers data across a computer network. Configure FTP service settings on TrueNAS using the FTP services screen.

FTPBasicOption

After making changes to settings click SAVE to confirm and save your changes.

Click ADVANCED OPTIONS to display advanced settings options. Click BASIC OPTIONS to return to the basic settings options.

Click CANCEL to exit without saving.

General Options Settings

Name	Description
Port	Enter the port the FTP service listens on.
Clients	Enter the maximum number of simultaneous clients.
Connections	Enter the maximum number of connections per IP address. 0 is unlimited.
Login Attempts	Enter the greatest number of attempts client permitted before disconnect. Increase if users are prone to misspellings or typos.
Timeout	Enter the maximum client idle time in seconds before disconnect. Default value is 600 seconds.
Certificate	Select from the dropdown list the SSL certificate to use for TLS FTP connections. Currently listed as freenas_default. To create a certificate, go to System > Certificates.

Advanced Option Settings

Click Advanced Options if you need to customize your FTP service. Advanced Options are more detailed than the Basic Options settings.

Access and TLS Settings

FTPAdvancedOptionsAccessTLS

Access Settings

Name	Description
Always Chroot	Select to only allow users access their home directory if they are in the wheel group. This option increases security risk.
Allow Root Login	Select to allow root logins. Selecting this option increases security risk. Not recommended.
Allow Anonymous Login	Select to allow anonymous FTP logins with access to the directory specified in Path.
Allow Local User Login	By default, only members of the ftp group can to log in. Select this checkbox to allow any local user to log in.
Require IDENT Authentication	Select to require IDENT authentication. Selecting this option results in timeouts when ident (or in shell `identd`) is not running on the client.
File Permissions	Select to define default permissions for newly created files.
Directory Permissions	Select to define default permissions for newly created directories.

TLS Settings

Unless necessary, do not allow anonymous or root access. For better security, enable TLS when possible. This is effectively FTPS. When FTP is exposed to a WAN, enable TLS.

Name	Description
Enable TLS	Select to allow encrypted connections. Requires a certificate. To create or import a certificate go to System > Certificates.
TLS Policy	Select the policy from the dropdown list of options. Options are On, Off, Data, !Data, Auth, Ctrl, Ctrl + Data, Ctrl +!Data, Auth + Data or Auth +!Data. Defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here.
TLS Allow Client Renegotiations	Select to allow client renegotiation. This option is not recommended. Selecting this option breaks several security measures. See mod_tls for details.
TLS Allow Dot Login	If selected, TrueNAS checks the user home directory for a .tlslogin file. This file must contain one or more PEM-encoded certificates. System prompts user for password authentication if file not found.
TLS Allow Per User	If selected, allows sending a user password unencrypted.
TLS Common Name Required	Select to require the common name in the certificate match the FQDN of the host.
TLS Enable Diagnostics	Select to make logs more verbose. Useful in troubleshooting a connection.
TLS Export Certificate Data	Select to export the certificate environment variables.
TLS No Certificate Request	Select if the client cannot connect due to a problem with the certificate request. Example: the client server is unable to handle the server certificate request.
TLS No Empty Fragments	Not recommended. This option bypasses a security mechanism.
TLS No Session Reuse Required	This option reduces connection security. Only select if the client does not understand reused SSL sessions.
TLS Export Standard Vars	Select to put in place several environment variables.
TLS DNS Name Required	Select to require the client DNS name resolve to its IP address, and the cert contain the same DNS name.
TLS IP Address Required	Select to require the client certificate IP address match the client IP address.

Bandwidth and Other Settings

FTPAdvancedOptionsBandwidthOther

Bandwitdth Settings

Name	Description
Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB)	Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Local User Download Bandwidth	Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Anonymous User Upload Bandwidth	Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.
Anonymous User Download Bandwidth	Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). The unlimited default is 0 KiB.

Other Options Settings

Name	Description
Minimum Passive Port	Used by clients in PASV mode. A default of 0 means any port above 1023.
Maximum Passive Port	Used by clients in PASV mode. A default of 0 means any port above 1023.
Enable FXP	Select to enable the File eXchange Protocol (FXP). Not recommended as this leaves the server vulnerable to FTP bounce attacks.
Allow Transfer Resumption	Select to allow FTP clients to resume interrupted transfers.
Perform Reverse DNS Lookups	Select to allow performing reverse DNS lookups on client IPs. Causes long delays if reverse DNS isn’t configured.
Masquerade Address	Public IP address or host name. Select if FTP clients cannot connect through a NAT device.
Display Login	Specify the message displayed to local login users after authentication. This is not displayed to anonymous login users.
Auxiliary Parameters	Select to add additional proftpd(8 parameters.

LLDP Screen

Network devices often use Link Layer Discovery Protocol (LLDP) to communicate information. This information includes their identities, abilities and peers on a LAN. The LAN is typically wired Ethernet. The TrueNAS LLDP services screen configures LLDP on the system.

ServicesLLDPOptions

General Options

Name	Description
Interface Description	Select to enable receive mode. Interface description stores any peer information received.
County Code	Select the two-letter ISO 3166-1 alpha-2 code used to enable LLDP location support. The dropdown list is a comprehensive list of two-character country codes.
Location	Enter the physical location of the host.

NFS Screen

Network File System (NFS) is an open IETF standard remote file access protocol. Use the Services NFS screen to enable NFS services on your TrueNAS.

NFSServicesScreen

Click SAVE to save settings and return to the Services screen.

Click CANCEL to exit without saving and return to the Services screen.

Name	Description
Number of servers	Enter a number to specify how many servers to create. Increase if NFS client responses are slow. Keep this less than or equal to the number of CPUs reported by `sysctl -n kern.smp.cpus` to limit CPU context switching.
Bind IP Addresses	Select IP addresses from dropdown list to listen to for NFS requests. Leave empty for NFS to listen to all available addresses.
Enable NFSv4	Select checkbox to switch from NFSv3 to NFSv4.
NFSv3 ownership model for NFSv4	Select checkbox to provide specific NFSv4 ACL support. This does not require the client and the server to sync users and groups.
Require Kerberos for NFSv4	Select checkbox to force NFS shares to fail if the Kerberos ticket is unavailable.
Serve UDP NFS clients	Select checkbox if NFS clients need to use the User Datagram Protocol (UDP).
Allow non-root mount	Select checkbox only if required by the NFS client. Select to allow serving non-root mount requests.
Support >16 groups	Select checkbox when a user is a member of more than 16 groups. Requires correct configuration of group membership on the NFS server.
Log mountd(8) requests	Select checkbox to log mountd syslog requests.
Log rpc.statd(8) and rpc.lockd(8)	Select checkbox to log rpc.statd and rpc.lockd syslog requests.
mountd(8) bind port	Enter a number to bind mountd only to that port.
rpc.statd(8) bind port	Enter a number to bind rpc.statd only to that port.
rpc.lockd(8) bind port	Enter a number to bind rpc.lockd only to that port.

The recommendation is to use the default settings for the NFS service. Make changes if there is a need for a specific setting.

OpenVPN Screen

OpenVPN is an open source connection protocol. OpenVPN creates a secure connection between 2 points in a network. VPN services use OpenVPN to safeguard data integrity and provide anonymity. There two OpenVPN services on TrueNAS, the OpenVPN Client and OpenVPN Server.

OpenVPN Client

Use OpenVPN Client to configure the client settings.

ServicesOpenVPNClientOptions

General Options

Name	Description
Client Certificate	Select a valid client certificate from the dropdown list. The option is freenas_default. A certificate must exist on this system that is current and not revoked. Find more about generating certificates and CAs for OpenVPN here.
Root CA	Select the root Certificate Authority used to sign the Client and Server certificates. Find more about generating certificates and CAs for OpenVPN here.
Remote	Enter a valid IP address or domain name to which OpenVPN connects.
Port	Enter a port number to use for the connection.
Authentication Algorithm	Select an algorithm to authenticate packets. The dropdown list provides a list of algorithms to choose from. This is used to confirm packets sent over the network connection. Your network environment might need a specific algorithm. If not, select SHA1 HMAC which is a good standard algorithm to use.
Cipher	Select a cipher algorithm to encrypt data channel packets sent through the connection. While not required, using a cipher increases connection security. Verify if your networking environment requires a particular cipher. If not, AES-256-GCM is a good default choice. The dropdown list provides a list of encryption ciphers to choose from.
Compression	Select a compression algorithm from the dropdown list. Dropdown list options are LZ0 or LZ4. Leave the field empty to send data uncompressed. LZ0 is the standard compression algorithm. It is backwards compatible with previous (pre-2.4) versions of OpenVPN. LZ4 is a newer option that is typically faster with less system resources required.
Protocol	Select the protocol to use when connecting with the remote system. Select from the dropdown list options UDP, UDP4, UDP6, TCP, TCP4 or TCP6. Select UDP or TCP. UDP sends packets in a continuous stream. It is generally faster and less strict about dropped packets than TCP. TCP sends packets sequentially. To force the connection to be IPv4 or IPv6 choose the UDP or TCP version with the 4 or 6 respectively.
Device Type	Select a virtual network interface from the dropdown list. Options are TUN or TAP. The client and server Device Type must be the same. For information see here.
Nobind	Select to enable and to prevent binding to local address and port. Required if running OpenVPN client and server at the same time.
TLS Crypt Auth Enabled	Select to enable or clear checkbox to disable TLS Web Client Authentication.
Additional Parameters	Enter any extra parameters for the client. This manually configures any of the core OpenVPN config file options. Refer to the OpenVPN Reference Manual for descriptions of each option.
TLS Crypt Auth	Encrypts all TLS handshake messages to add another layer of security. OpenVPN server and clients share a required static key. Enter the static key for authentication/encryption of all control channel packets. Must enable tls_crypt_auth_enabled.

OpenVPN Server

Use OpenVPN Server to configure the server settings.

ServicesOpenVPNServerOptions

Configure and save your OpenVPN server settings. Click DOWNLOAD CLIENT CONFIG to generate the certificate file you need from the client system.

Click Client Certificate to generate the configuration file you need from the client system already imported on the system.

General Options

Name	Description
Server Certificate	Select a valid server certificate from the dropdown list. The option is freenas_default. A certificate must exist on this system that is current and not revoked. Find more about generating certificates and CAs for OpenVPN here.
Root CA	Select the root Certificate Authority used to sign the Client and Server certificates. Find more about generating certificates and CAs for OpenVPN here.
Server	Enter the IP address and netmask of the server.
Port	Enter a port number to use for the connection.
Authentication Algorithm	Select an algorithm to authenticate packets. The dropdown list provides a list of algorithms to choose from. Your network environment might require a specific algorithm. If not, select SHA1 HMAC which is a good standard algorithm to use.
Cipher	Select a cipher algorithm to encrypt data channel packets sent through the connection. While not required, using a cipher increases connection security. Verify if your networking environment requires a particular cipher. If not, AES-256-GCM is a good default choice. The dropdown list provides a list of encryption ciphers to choose from.
Compression	Select a compression algorithm from the dropdown list. Dropdown list options are LZ0 or LZ4. Leave the field empty to send data uncompressed. LZ0 is the standard compression algorithm. It is backwards compatible with previous (pre-2.4) versions of OpenVPN. LZ4 is a newer option that is typically faster with less system resources required.
Protocol	Select the protocol to use when connecting with the remote system. Select from the dropdown list options UDP, UDP4, UDP6, TCP, TCP4 or TCP6. Select UDP or TCP. UDP sends packets in a continuous stream. It is generally faster and less strict about dropped packets than TCP. TCP sends packets sequentially. To force the connection to be IPv4 or IPv6 choose the UDP or TCP version with the 4 or 6 respectively.
Device Type	Select a virtual network interface from the dropdown list. Options are TUN or TAP. The client and server Device Type must be the same. For more information see here.
Topology	Select to configure virtual addressing topology when running in TUN mode. Dropdown list options are NET30, P2P or SUBNET. TAP mode always uses a SUBNET topology.
TLS Crypt Auth Enabled	Select to enable or clear checkbox to disable TLS Web Client Authentication.
Additional Parameters	Enter any extra parameters.
TLS Crypt Auth	Encrypting TLS handshake messages adds another layer of security. OpenVPN server and clients share a required static key. Enabling tls_crypt_auth_enabled generates a static key if tls_crypt_auth is not provided. The generated static key is for use with OpenVPN client. Enter that key here.

S.M.A.R.T. Screen

Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.) is an industry standard. S.M.A.R.T. performs disk monitoring and testing. It checks drive reliability and predicts hardware failures.

S.M.A.R.T. tests run on disks. Running tests can reduce drive performance. We recommend scheduling tests when the system is in a low-usage state. Avoid scheduling disk-intensive tests at the same time! For example, do not schedule S.M.A.R.T. tests on the same day as a disk scrub or resilver.

ServicesSMARTOptions

Name	Description
Check Interval	Enter the time in minutes for smartd to wake up and check if any tests are configured to run.
Power Mode	Select the power mode from the dropdown list. Options are Never, Sleep, Standby or Idle. S.M.A.R.T. only tests when the Power Mode is Never.
Difference	Enter a number of degrees in Celsius. S.M.A.R.T. reports if a drive temperature changes by N degrees Celsius since the last report.
Informational	Enter a threshold temperature in Celsius. S.M.A.R.T. sends a message with a LOG_INFO log level if the temperature is above the threshold.
Critical	Enter a threshold temperature in Celsius. S.M.A.R.T. sends a message with a LOG_CRIT log level and send an email if the temperature is above the threshold.

S3 Screen (deprecated)

Due to security vulnerabilities and maintainability issues, the S3 service is deprecated in TrueNAS 13.0 and removed in TrueNAS 22.12 and newer versions. Beginning in CORE 13.0-U6, the CORE web interface generates an alert when the deprecated service is either actively running or is enabled to start on boot.
TrueNAS Enterprise
Beginning in CORE 13.0-U6, Enterprise customers with the S3 service running or enabled are prevented from upgrading to 13.3.
Please contact iX Support to review options for migrating to a TrueNAS release that has Minio applications available.
Contacting Support
Customers who purchase iXsystems hardware or that want additional support must have a support contract to use iXsystems Support Services. The TrueNAS Community forums provides free support for users without an iXsystems Support contract.
iXsystems Customer Support
Support Portal https://support.ixsystems.com
Email support@ixsystems.com
Telephone and Other Resources https://www.ixsystems.com/support/

SMB Service Screen

Use the Services SMB screen to configure SMB service settings. Unless a specific setting is needed or configuring for a specific network environment, it is recommended to use the default settings for the SMB service.

SMBServiceOptions

Basic Options

Name	Description
NetBIOS Name	Populates with the original host name of the system truenas. Enter a name that does not exceed 15 characters and is not the same name in Workgroup.
NetBIOS Alias	Enter any aliases, separated by spaces. Each alias can be up to 15 characters long.
Workgroup	Value must match Windows workgroup name. If unconfigured, TrueNAS uses Active Directory or LDAP to detect and select the correct workgroup. Active Directory or LDAP must be active for TrueNAS to do this.
Description	Optional. Enter a server description.
Enable SMB1 support	Select to allow legacy SMB clients to connect to the server. Note that SMB1 is being deprecated. The recommendation is to upgrade the client OS. The OS upgrade should support modern versions of the SMB protocol.
NTLMv1 Auth	Select to allow smbd(8) attempts to authenticate users with NTLMv1 encryption. NTLMv1 is not secure and is a vulnerability. NTLMv1 authentication is off by default. This setting allows backward compatibility with older versions of Windows. It is not recommended. Do not use on untrusted networks.

Advanced Options

SMBServiceAdvanced

Name	Description
Unix Charset	Select an option from the dropdown list. Default is UTF-8 which supports all characters in all languages.
Log Level	Select an option from the dropdown list. Options are None, Minimum, Normal, Full or Debug. Records SMB service messages up to the specified log level. Logs error and warning level messages by default.
Use Syslog Only	Select to log authentication failures in /var/log/messages instead of the default /var/log/samba4/log.smbd.
Local Master	Select to determine if the system participates in a browser election. Leave checkbox clear when the network contains an AD or LDAP server. Leave checkbox clear when Vista or Windows 7 machines are present.
Enable Apple SMB2/3 Protocol Extensions	Select to allow macOS to use these protocol extensions. Improves the performance and behavioral characteristics of SMB shares. Required for Apple Time Machine support.
Administrators Group	Select an option from the dropdown list. Members of this group are local admins. Local admins have privileges to take ownership of any file in the SMB share. They can reset permissions. Local admins can administer the SMB server through the Computer Management MMC snap-in.
Guest Account	Select an account to use for guest access from the dropdown list. Default is nobody. The selected account must have permissions to the shared pool or dataset. To adjust permissions, edit the dataset Access Control List (ACL). Add a new entry for the selected guest account, and configure the permissions in that entry. Deleting the selected user in Guest Account resets the field to nobody.
File Mask	Overrides default file creation mask of 0644. File creation mask 0644 creates files with read and write access for everybody.
Directory Mask	Overrides default directory creation mask of 0755. Directory creation mask 0755 grants directory read, write and execute access for everybody.
Bind IP Addresses	Select from the dropdown list. These are the static IP addresses which SMB listens on for connections. If not selected, defaults to listen on all active interfaces.
Auxiliary Parameters	Enter additional smb.conf options. See the Samba Guide for more information on these settings. To log more details when a client attempts to authenticate to the share, add log level = 1, auth_audit:5.

SNMP Screen

Simple Network Management Protocol (SNMP) is an Internet Standard protocol. SNMP gathers and sorts data about managed devices on IP networks, such as LANs and WANs. Use the SNMP screen to configure SNMP service on your TrueNAS.

ServicesSNMPScreen

After selecting SNMP v3 Support more configuration fields display.

After filling in all required fields with appropriate values, the SAVE button activates. Click SAVE to save settings.

Click CANCEL to exit without saving and display the Services screen.

Field Descriptions

General Options

Name	Description
Location	Enter the location of the system.
Contact	Enter the email address to receive SNMP service messages.
Community	Enter a community other than the default public to increase system security. Value can only contain alphanumeric characters, underscores (_), dashes (-), periods (.), and spaces. Not required and can leave this empty for SNMPv3 networks.

SNMP v3 Options

Name	Description
SNMP v3 Support	Select to to enable support for SNMP version 3. See snmpd.conf(5) for configuration details.
Username	Enter a user name to register with this service.
Authentication Type	Select an authentication method: — for none, SHA, or MD5 from the dropdown list.
Password	Enter a password of at least eight characters.
Privacy Protocol	Select a privacy protocol: — for none, AES, or DES from the dropdown list.
Privacy Passphrase	Enter a separate privacy passphrase. Password is used when this is left empty.

Other Options

Name	Description
Auxiliary Parameters	Enter any additional snmpd.conf options. Add one option for each line.
Expose zilstat via SNMP	Select to enable. If enabled this option might have performance implications on your pools.
Log Level	Select how many log entries to create. Dropdown list options are Emergency, Alert, Critical, Error, Warning, Notice, Info and Debug.

SSH Screen

Secure Socket Shell (SSH) is a network communication protocol. It provides encryption to secure data. Use the SSH services screen to configure SSH File Transfer Protocol (SFTP). SFTP is available by enabling SSH remote access to the TrueNAS system.

Allowing external connections to TrueNAS is a security vulnerability! Enable SSH only when there is a need for external connections. See Security Recommendations for more security considerations when using SSH.

SSHBasicOptionsScreen

General Options

Name	Description
TCP Port	Open a port for SSH connection requests. Enter the port number.
Log in as Root with Password	Select to allow root logins. It is not recommended to allow root logins! A password must be set for the root user account.
Allow Password Authentication	Select to allow password authentication. Enabling allows SSH login authentication using a password. Warning: Determine if directory services are enabled. If so, this setting grants access to all users imported by directory service. When disabled, authentication requires keys for all users. Involves extra SSH client and server setup.
Allow Kerberos Authentication	Select to allow Kerberos authentication. Before enabling this option, valid entries must exist in: Directory Services > Kerberos Realms Directory Services > Kerberos Keytabs The system must be able to communicate with the Kerberos domain controller.
Allow TCP Port Forwarding	Select to allow users to bypass firewall restrictions using SSH port forwarding. For best security, leave disabled and deny shell access to users.

ADVANCED OPTIONS displays additional configuration fields to set up SSH for specific uses cases.

SSHAdvancedOptionsScreen

Advanced Options

Name	Description
Bind Interfaces	Select interfaces on your system from the dropdown list for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces.
Compress Connections	Select to attempt to reduce latency over slow networks.
SFTP Log Level	Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Quiet, Fatal, Error, Info, Verbose, Debug, Debug2 or Debug3.
SFTP Log Facility	Select the syslog(3) facility of the SFTP server option from the dropdown list. Options are Daemon, User, Auth and Local 0 through Local7.
Weak Ciphers	Select a cipher from the dropdown list. Options are None or AES128-CBC. To allow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). Use None to allow unencrypted SSH connections. Use AES128-CBC to allow the 128-bit Advanced Encryption Standard. WARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment.
Auxiliary Parameters	Add any more sshd_config(5) options not covered in this screen. Enter one option per line. Options added are case-sensitive. Misspellings can prevent the SSH service from starting.

TFTP Screen

Trivial File Transfer Protocol (TFTP) is a basic protocol designed for simple file transfer. It provides no user authentication or the ability to browse a directory hierarchy. Use the TFTP service screen to configure TFTP service on the TrueNAS.

TFTPScreen

TFTP Service Screen Settings

Path

Name	Description
Directory	Browse to an existing directory to use for storage. Some devices can require a specific directory name. Consult the documentation for that device to see if there are any restrictions. Click the > to the left of /mnt to open a list of directories.

Connection

Name	Description
Host	The default host to use for TFTP transfers. Enter an IP address. For example, 192.0.2.1 or in Shell `192.0.2.1`
Port	The UDP port number that listens for TFTP requests. For example, 8050 or in Shell `8050`.
Username	Select the account to use for TFTP requests from the dropdown list. Options include but are not limited to root, daemon, operator, nobody and all other user names on the system. This account must have permission to what is specified in Directory.

Access

Name	Description
File Permissions	Adjust the User and Group file permissions. Use the Read, Write and Execute checkboxes. Select all that apply.
Allow New Files	Select when network devices need to send files to the system.

Other Options

Name	Description
Auxiliary Parameters	Add more options from tftpd. Add one option on each line.

UPS Screen

An uninterruptible power supply is a hardware device that provides a backup source of power in the event of a power outage. Use the UPS services screen to configure a UPS for your TrueNAS.

TrueNAS Enterprise
TrueNAS High Availability (HA) systems are not compatible with uninterruptible power supplies (UPS).

SAVE activates after all required fields are populated.

CANCEL exits without saving and returns you to the Services screen.

General Options

Name	Description
Identifier	Type a description for the UPS device. You can use alphanumeric, period (.), comma (,), hyphen (-), and underscore (_) characters. This is a required field.
UPS Mode	Select mode from the dropdown list. Master is an option if the UPS plugs directly into the system serial port. Select Slave to have this system shut down before the master system. The UPS remains the last item to shut down. See the Network UPS Tools Overview.
Driver	Select the device driver from the dropdown list. See the Network UPS Tools compatibility list for a list of supported UPS devices. This is a required field.
Port or Hostname	Select the serial or USB port connected to the UPS from the dropdown list. Options include a list of ports on your system and auto. Select auto to automatically detect and manage the USB port settings. Enter the IP address or host name of the SNMP UPS device when selecting an SNMP driver. If the UPS Mode field is set as Master, this is a required field. If set to Slave this field is not required.

Monitor

Name	Description
Monitor User	Enter a user to associate with this service. Keeping the default is recommended.
Monitor Password	Change the default password to improve system security. The new password cannot include a space or #.
Extra Users	Enter accounts that have administrative access. See upsd.users(5) for examples.
Remote Monitor	Select to have the default configuration listen on all interfaces using the known values of user: upsmon and password: fixmepass.

Shutdown

Name	Description
Shutdown Mode	Select the battery option to use when the UPS initiates shutdown. Dropdown list options are UPS reaches low battery or UPS goes on battery.
Shutdown Timer	Enter a value in seconds for the UPS to wait before initiating shutdown. Shutdown does not occur if power is restored while the timer is counting down. This value only applies when Shutdown Mode is set to UPS goes on battery.
Shutdown Command	Enter a command to shut down the system when either battery power is low or the shutdown timer ends.
Power off UPS	Select for the UPS to power off after shutting down the system.

Email

Name	Description
Send Email Status Updates	Select to enable sending messages to the address defined in the Email field.
Email	Enter any email addresses to receive status updates. Separate entries by pressing `Enter`.
Email Subject	Enter the subject for status emails.

Other Options

Name	Description
No Communication Warning Time	Enter the number of seconds to wait before alerting that the service cannot reach any UPS. Warnings continue until situation resolved.
Host Sync	Length of time in seconds for upsmon to wait while in master mode for the slaves to disconnect. This applies during a shutdown situation.
Description	Enter a description for this service.
Auxiliary Parameters (ups.conf)	Enter any extra options from ups.conf.
Auxiliary Parameters (upsd.conf)	Enter any extra options from upsd.conf.

WebDAV Services Screen

The WebDAV protocol contains extensions to HTTP. These extensions expand the capabilities of a webserver. It can act as a collaborative authoring and management tool for web content. Use the Services WebDAV screen to enable WebDAV services on your TrueNAS.

Click ADD to open the WebDAV settings screen.

ServicesWebDAVSettings

General Options

Name	Description
Protocol	Select the protocol from the dropdown list. HTTP keeps the connection unencrypted. HTTPS encrypts the connection. HTTP+HTTPS allows both types of connections.
HTTP Port	Specify a port for unencrypted connections. The default port 8080 is recommended. Do not reuse a port.
HTTP Authentication	Select the HTTP authentication type from the dropdown list. Basic Authentication is unencrypted. Digest Authentication is encrypted. Select No Authentication when you don’t want to use authentication.
Webdav Password	Change the default of davtest as davtest is a known value.

Jails, Plugins and Virtual Machines (Obsolete)

As of TrueNAS 13.3, virtualization features (plugins, jails, and virtual machines) are obsolete and provided without support to the TrueNAS Community.
Instances (Incus-powered containers and virtual machines) are an experimental feature intended for community testing only. Developers, testers, and early adopters can migrate to TrueNAS 25.04 to experiment with instances; however, it is important to note that this feature remains experimental until the release of TrueNAS 25.10. Functionality could change significantly between releases, and instances might not upgrade reliably. Use this feature for testing purposes only and do not rely on it for production workloads.
General and mission-critical users should move to TrueNAS 24.10, as this version provides a stable non-experimental VM feature.
For more guidance, refer to the Software Status definitions. TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.

This section describes the different screens related to the obsolete virtualization features in TrueNAS 13.3.

Jails, Plugins, and Virtual Machine Contents

Jails Screens (Obsolete): Describes the fields in the obsolete Jails screen in TrueNAS 13.3.

Virtual Machines (Obsolete): Describes the fields in the obsolete Virtual Machines screen in TrueNAS 13.3.

Plugins Screens (Obsolete): Describes the obsolete Plugins screen in TrueNAS 13.3.

Jails Screens (Obsolete)

As of TrueNAS 13.3, virtualization features (plugins, jails, and virtual machines) are obsolete and provided without support to the TrueNAS Community.
Instances (Incus-powered containers and virtual machines) are an experimental feature intended for community testing only. Developers, testers, and early adopters can migrate to TrueNAS 25.04 to experiment with instances; however, it is important to note that this feature remains experimental until the release of TrueNAS 25.10. Functionality could change significantly between releases, and instances might not upgrade reliably. Use this feature for testing purposes only and do not rely on it for production workloads.
General and mission-critical users should move to TrueNAS 24.10, as this version provides a stable non-experimental VM feature.
For more guidance, refer to the Software Status definitions. TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.

The Jails screen displays a list of jails installed on your system. Use to add, edit or delete jails.

JailsScreen

Use the blue Columns dropdown list to display options to change the information displayed in the list of tables. Options are Select All, JID, Boot, State, Release, IPv4, IPv6, Type, Template, Basejail or Reset to Defaults.

Use the settings icon to set the pool to use for jail storage.

Use ADD to display the first configuration Wizard screen and to access the ADVANCED JAIL CREATION button to display advanced jail configuration screens.

Individual Jail Screen

Click the chevron_right icon to display the individual jail screen, the primary settings and additional action options for that jail.

Click the expand_more icon to collapse the individual jail screen.

Jails Options

Name	Description
EDIT	Used to modify the settings described in Advanced Jail Creation below. You cannot edit a jail while it is running. You can only view read only settings until you stop the jail operation.
MOUNT POINTS	Select an existing mount point to edit. Either click EDIT or ACTIONS > Add Mount Point to create a mount point for the jail. A mount point gives a jail access to storage located elsewhere on the system. You must stop a jail before adding, editing, or deleting a mount point.
RESTART	Stops and immediately starts a jail that is running or up.
START	Starts a jail that has a current STATE of down.
STOP	Stops a jail in the current STATE of up.
UPDATE	Runs freebsd-update to update the jail to the latest patch level of the installed FreeBSD release.
SHELL	Displays the Shell screen with access to a root command prompt where you can interact with a jail directly from the command line. Type `exit` to leave the command prompt or click Jails on the breadcrumb at the top of the screen to return to the Jails screen.
DELETE	Deletes the selected jail. Caution: deleting the jail also deletes all of the jail contents and all associated snapshots. Back up the jail data, configuration, and programs first. There is no way to recover the contents of a jail after deleting it!

Action options change based on the jail state. For example, a stopped jail does not have a STOP or SHELL option.

Jail Creation Options

TrueNAS has two options to create a jail, the Wizard or the Advanced Jail Creation option at the bottom of the Wizard screen. The Jail Wizard makes it easy to create a jail. ADVANCED JAIL CREATION opens the advanced configuration screen with all possible jail configuration settings. We recommend that only advanced users with specific requirements for a jail use this form.

Jail Wizard

Use the jail-creation Wizard to add a new jail by following and completing required fields in a pre-determined order. The wizard is the simplest process to create and configure a new jail. Click ADD to display the first of three Wizard configuration screens.

Name Jail and Choose FreeBSD Release Screen

This screen includes the jail name, type, and release settings.

Name Jail and Choose FreeBSD Release Settings

Setting	Description
Name	Required. Enter a name using letters, numbers, or the period (.), dash (-), or underscore (_) special characters. You can rename a jail after creating and saving it.
Jail Type	Select an option from the dropdown list. Options are Default (Clone Jail) or Basejail. Use Default (Clone Jail) to clone jails that are clones of the value specified in Release. These are linked to that release, even if they are upgraded. Use Basejails to mount the specified release directories as nullfs mounts over the jail directories. Basejails are not linked to the original release when upgraded. Versions of FreeBSD are downloaded the first time they are used in a jail. Additional jails created with the same version of FreeBSD are created faster because the download is already complete.
Release	Select the FreeBSD release to use as the jail operating system option from the dropdown list. Options are 12.4-RELEASE or 13.2-RELEASE. Jails can run FreeBSD versions up to the same version as the host system. Newer releases are not shown.
Advanced Jail Creation	Opens the Advanced Jail Creation screens. This form is only recommended for advanced users with very specific requirements for a jail.

Configure Networking Screen

This screen includes DHCP, NAT or VNET, IPV4 IP or IPv6 interface, address, and netmask, and default router, and the IPv6 prefix.

Configure Networking Settings

Name	Description
DHCP Autoconfigure IPv4	Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Select VNET and Berkeley Packet Filter with this option.
NAT	Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET	Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
vnet_default_interface	Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface	Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address	Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask	Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router	Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6	Select to use Stateless Address Auto Configuration (SLAAC) to auto-configure IPv6 in the jail.
IPv6 Interface	Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address	Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Prefix	Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router	Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not able to access any networks.

Confirm Options Screen

This screen shows a summary of the jail settings entered or selected on the Wizard screens.

Next advances to the next screen.

Back returns to the previous screen.

SUBMIT saves all settings and creates the Jail.

Cancel closes the current screen and exits the configuration process without saving.

Advanced Jail Creation

The Advanced Jail Creation screen has four expandable configuration areas:

Basic Properties
Jail Properties
Network Properties
Custom Properties

Click the expand_more icon to collapse any area of configuration settings.

Use Next to advance to the next configuration settings section, or click the expand_less icon to expand a configuration settings area.

Basic Properties

The Basic Properties area includes the jail name, type, FreeBSD release, and network settings.

Jail Basic Properties Settings

Name	Description
Name	Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
Jail Type	Select an option from the dropdown-list. Options are Default (Clone Jail) or Basejail. Use Default (Clone Jail) to clone jails that are clones of the specified value in Release. They are linked to that release, even if they are upgraded. Use Basejails to mount the specified release directories as nullfs mounts over the jail directories. Basejails are not linked to the original release when upgraded.
Release	Select an option from the dropdown list. Options are 12.2-RELEASE or 13.0-RELEASE. This is the FreeBSD release to use as the jail operating system. Jails can run FreeBSD versions up to the same version as the host system. Newer releases are not shown.
DHCP Autoconfigure IPv4	Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Also select VNET and Berkeley Packet Filter with this selected option.
NAT	Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET	Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
Berkeley Packet Filter	Select to use the Berkeley Packet Filter (BPF(4)) to data-link layers in a protocol independent fashion.
vnet_default_interface	Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface	Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address	Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask	Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router	Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6	Select to use Stateless Address Auto Configuration (SLAAC) to autoconfigure IPv6 in the jail.
IPv6 Interface	Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address	Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Netmask	Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router	Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not be able to access any networks.
Auto Start	Select to auto-start the jail at system boot time. Jails are started and stopped based on iocage priority. Set in the Custom Properties priority field.

Jail Properties

The Jail Properties area includes the jail ruleset to follow, commands to run in the system or jail environment, jail user, allow or deny SYSV IPC message, shared memory primitives, or semaphore primitives, VNET interfaces, and other jail settings.

Jail Properties Settings

Name	Description
devfs_ruleset	The devfs(8) ruleset number to enforce when mounting devfs in the jail. The default 0 means no ruleset is enforced. Mounting devfs inside a jail is only possible when the allow_mount and allow_mount_devfs permissions are enabled and enforce_statfs is set to a value lower than 2.
exec_start	Commands to run in the jail environment after the jail is created. Example: `sh /etc/rc`. The pseudo-parameters section of JAIL(8) describes exec.start usage.
exec_stop	Commands to run in the jail environment before the jail is removed and after exec.prestop commands complete. Example: sh /etc/rc.shutdown.
exec_prestart	Commands to run in the system environment before a jail is started.
exec_poststart	Commands to run in the system environment after a jail is started and after any exec_start commands are finished.
exec_prestop	Commands to run in the system environment before a jail is stopped.
exec_poststop	Commands to run in the system environment after a jail is stopped.
exec_jail_user	Enter either root or another valid username. Inside the jail, this user runs the commands.
exec_system_user	Run commands in the jail as this user. By default, the current user runs these commands.
securelevel	The value of the jail securelevel sysctl. A jail never has a lower securelevel setting than the host system. Setting this parameter allows a higher securelevel setting. If the host system securelevel* setting is changed, the jail secure level is at least as secure.
sysvmsg	Allows or denies access to SYSV IPC message primitives. Use the dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select *New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmsg related system calls.
sysvsem	Allows or denies access to SYSV IPC semaphore primitives. Use dropdown list to select from Inherit, New or Disable. Use Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmem related system calls.
sysvshm	Allows or denies access to SYSV IPC shared memory primitives. Use dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvshm related system calls.
vnet_interfaces	A space-delimited list of network interfaces attached to a VNET enabled jail after it is created. Interfaces are released when the jail is removed.
allow_set_hostname	Select to allow changing the jail host name with hostname(1) or sethostname(3).
allow_sysvipc	Select to choose whether a process in the jail has access to System V IPC primitives. Equivalent to setting sysvmsg, sysvsem, and sysvshm to Inherit. Deprecated in FreeBSD 11.0 and newer! Use sysvmsg, sysvsem, and sysvshm instead.
allow_raw_sockets	Select to allow raw sockets. Utilities like ping(8) and traceroute(8) require raw sockets. When selected, source IP addresses are enforced to comply with the IP addresses bound to the jail, ignoring the IP_HDRINCL flag on the socket.
allow_chflags	Select to treat jail users as privileged and allow the manipulation of system file flags. Secure level constraints are still enforced.
allow_mlock	Enables running services that require mlock(2) in a jail.
allow_vmm	Allows the jail to access the bhyve virtual machine monitor (VMM). The jail must have FreeBSD 12.0 or newer installed with the vmm(4) kernel module loaded.
allow_quotas	Select to allow the jail root to administer quotas on jail file systems. This includes file systems the jail shares with other jails or with non-jailed parts of the system.
allow_socket_af	Select to allow access to other protocol stacks beyond IPv4, IPv6, local (UNIX), and route. Warning, jail functionality does not exist for all protocol stacks.
allow_mount	Select to allow privileged users inside the jail to mount and unmount file system types marked as jail-friendly. Also use dropdown list to select from list of options allow_mount_devfs, allow_mount_fusefs, allow_mount_nullfs, allow_mount_procfs, allow_mount_tmpfs or allow_mount_zfs.

Network Properties

The Network Properties area includes the assigned interface(s), host name, domain name, resolver, rounding table to use, and IP address type (v4 or v6), mac prefix, and NAT interface and port forwarding settings.

Network Properties Settings

Name	Description
Interfaces	Use to enter up to four interface configurations in the format interface:bridge, separated by a comma (,), where the left value is the virtual VNET interface name and the right value is the bridge name where to attach the virtual interface.
host_domainname	Use to enter a NIS domain name for the jail.
host_hostname	Use to set the jail host name. Defaults to the jail UUID.
resolver	Use to add lines to the jail resolv.conf. For example, nameserver IP;search domain.local. Delimit fields with a semicolon (;), this translates as new lines in resolv.conf. Enter none to inherit resolv.conf from the host.
exec_fib	Enter the routing table (FIB) to use when running commands inside the jail.
ip4.saddrsel	Select to disable IPv4 source address selection for the jail in favor of the primary IPv4 address of the jail. Only available when the jail is not configured to use VNET.
ip6.saddrsel	Select to disable IPv6 source address selection for the jail in favor of the primary IPv6 address of the jail. Only available when the jail is not configured to use VNET.
ip4	Controls the availability of IPv4 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip4_addr. Select Disable to stop the jail from using IPv4 entirely.
ip6	Controls the availability of IPv6 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip6_addr. Select Disable to stop the jail from using IPv6 entirely.
mac_prefix	Enter a valid MAC address vendor prefix. For example, E4F4C6.
vnet0_mac	Use to assign a fixed MAC address. Leave this field empty to generate random MAC addresses for the host and jail. To assign fixed MAC addresses, enter the MAC address to assign to the host, a space, then the MAC address to assign to the jail.

Custom Properties

The Custom Properties area includes the priority for the jail at boot time, jail host ID, setting this jail as a template, system host time to synchronize time between the jail and host, enabling ZFS jailing inside the jail, defining the dataset to be jailed and to be fully handed over to a jail, entering a mount point for the jail_zfs_dataset, tun settings, and other local host, IP host name, and IPV6 autoconfigure settings.

Custom Properties Settings

Virtual Machines (Obsolete)

As of TrueNAS 13.3, virtualization features (plugins, jails, and virtual machines) are obsolete and provided without support to the TrueNAS Community.
Instances (Incus-powered containers and virtual machines) are an experimental feature intended for community testing only. Developers, testers, and early adopters can migrate to TrueNAS 25.04 to experiment with instances; however, it is important to note that this feature remains experimental until the release of TrueNAS 25.10. Functionality could change significantly between releases, and instances might not upgrade reliably. Use this feature for testing purposes only and do not rely on it for production workloads.
General and mission-critical users should move to TrueNAS 24.10, as this version provides a stable non-experimental VM feature.
For more guidance, refer to the Software Status definitions. TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.

The Virtual Machines screen displays a list of virtual machines (VM) configured on your system.

VirtualMachinesScreen

Use the blue COLUMNS button to display a list of options to customize the list view. Options are Select All, Autostart, Virtual CPUs, Cores, Threads, Memory Size, Boot Loader Type, System Clock, VNC Port, Com Port, Description, Shutdown Timeout or Reset to Defaults.

Use ADD to display the Virtual Machines configuration Wizard.

The State toggle indicates the current state of the VM. Hover over the toggle with your mouse to see the state as STOPPED or RUNNING. The toggle turns blue when it is running.

Select the Autostart checkbox to set the VM to start automatically after a system reboot, or clear the checkbox to require manually starting the VM after a system reboot.

Virtual Machine Wizard

The Wizard consists of six individual configuration screens.

Confirmation Options displays the summary of settings. You can use BACK to return to previous screens to make changes or use SUBMIT to save settings and create the virtual machine.

To make changes after saving the VM, select the VM on the list, expand it, and select EDIT.

You cannot advance to the next screen if the current screen has required fields. After entering all required information you can advance to the next screen.

Use Next to advance to the next wizard configuration form.

Use Back to return to a previous wizard configuration form.

Use Cancel to exit the configuration wizard.

The blue edit icons preceding each Wizard screen name, at the top of the screen, allow you to jump to the screen you selected but only if you have populated all required fields on the current screen and any screen that follows in the sequence of screens. If you select a screen that follows a Wizard screen that has required fields and you have not provided the information those required fields wants, the screen you selected does not display. You must enter all required fields before you can freely move around in the Wizard screens.

Operating System Settings

Name	Description
Guest Operating System	Required field. Select the VM operating system type from the dropdown list three operating systems listed Windows, Linux or FreeBSD.
Name	Enter an alphanumeric name for the virtual machine.
Description	(optional) Enter a description for the OS.
System Clock	Required field. Specifies the VM system time. Select from the dropdown list options Local or UTC. Default is Local.
Boot Method	Select from the dropdown list options UEFI, UEFI-CSM or Grub. Select UEFI for newer operating systems or UEFI-CSM (Compatibility Support Mode) for older operating systems that only support BIOS booting. Grub is not recommended but can be used when the other options do not work.
Shutdown Timeout	The time in seconds the system waits for the VM to cleanly shut down. During system shutdown, the system initiates power-off for the VM after the shutdown timeout expires.
Start on Boot	Select to start this VM when the system boots.
Enable VNC	Select to enable a VNC (Virtual Network Computing) remote connection. Requires UEFI booting.
Delay VM Boot Until VNC Connects	Select to wait to start VM until VNC client connects.
Bind	Required field. Select from the dropdown list options 0.0.0.0, ::, ::1 or the system IP addresses provided on the list. VNC network interface IP address. The primary interface IP address is the default. A different interface IP address can be chosen.

CPU and Memory Settings

Name	Description
Virtual CPUs	Number of virtual CPUs to allocate to the virtual machine. The maximum is 16, or fewer if the host CPU limits the maximum. The VM operating system might also have operational or licensing restrictions on the number of CPUs.
Cores	Specify the number of cores per virtual CPU socket. The product of vCPUs, cores, and threads must not exceed 16.
Threads	Specify the number of threads per core. The product of vCPUs, cores, and threads must not exceed 16.
Memory Size	Allocate RAM for the VM. Minimum value is 256 MiB. This field accepts human-readable input (Ex. 50 GiB, 500M, 2 TB). If units are not specified, the value defaults to bytes.

Disk Settings

Name	Description
Create new disk image	Select to create a new zvol on an existing dataset. This is used as a virtual hard drive for the VM. Select Use existing disk image to use an existing zvol or file for the VM.
Select Disk Type	Select desired disk type from the dropdown list options AHIC or VirtIO.
Zvol Location	Rerquired field. Select a dataset for the new zvol.
Size	Allocate space for the new zvol. (Examples: 500 KiB, 500M, 2 TB) MiB. Units smaller than MiB are not allowed.

Network Interface Settings

Name	Description
Adapter Type	Required field. Select an adapter from the dropdown list. Intel e82545 (e1000) emulates the same Intel Ethernet card. This provides compatibility with most operating systems. VirtIO provides better performance when the operating system installed in the VM supports VirtIO paravirtualized network drivers.
Mac Address	Enter the desired address into the field to override the randomized MAC address.
Attach NIC	Required field. Select the physical interface to associate with the VM from the dropdown list options.

Installation Media Settings

Name	Description
Choose Installation Media Image	Browse to the operating system installer image file.
Upload an Installer Image File	Set to display image upload options.

Individual Virtual Machine Screen

The individual virtual machine screens display the VM settings and provide optional operation buttons for that VM. Click the icon to expand that virtual machine and access current settings and operation actions.

VMScreenExpanded

The following operations are available on each VM screen:

Operation	Icon	Description
RESTART	replay	Retarts the VM.
POWER OFF	power_settings_new	Powers off and halts the VM, similar to turning off a computer power switch.
STOP		Stops a running VM. Because a virtual machine does not always respond well to STOP use the option to force the stop when prompted.
START		Starts a VM. The toggle turns blue when the VM switches to running.
EDIT	mode_edit	Displays the Virtual Machines > Edit screen. You cannot edit a VM while it is running. You must first stop the VM and then you can edit the properties and settings.
DELETE		Deletes a VM. You cannot delete a virtual machine that is running. You must first stop the VM and then you can delete it.
DEVICES		Displays the list of devices for this virtual machine.
CLONE		Makes an exact copy or clone of the VM that you can select and edit. A Name dialog displays where you can enter a name for the cloned VM. Naming the clone VM is optional. The cloned VM displays on the virtual machines list with the extension _clone0. If you clone the same VM again the extension for the second clone is clone1.
VNC		Opens a noVNC window that allows you to connect to a VNC client.
SERIAL		Opens the shell.

The STOP button and the system State toggle both try to send an ACPI power-down command to the VM operating system. Sometimes the commands time out, so it is better to use the POWER OFF button instead.

Plugins Screens (Obsolete)

As of TrueNAS 13.3, virtualization features (plugins, jails, and virtual machines) are obsolete and provided without support to the TrueNAS Community.
Instances (Incus-powered containers and virtual machines) are an experimental feature intended for community testing only. Developers, testers, and early adopters can migrate to TrueNAS 25.04 to experiment with instances; however, it is important to note that this feature remains experimental until the release of TrueNAS 25.10. Functionality could change significantly between releases, and instances might not upgrade reliably. Use this feature for testing purposes only and do not rely on it for production workloads.
General and mission-critical users should move to TrueNAS 24.10, as this version provides a stable non-experimental VM feature.
For more guidance, refer to the Software Status definitions. TrueNAS Enterprise customers can contact iXsystems to schedule a TrueNAS 24.04 or newer deployment.

Use the Plugins screen to install and maintain 3rd party applications on your TrueNAS storage systems.

PluginsScreen

Use the blue Columns dropdown list to display options to change the information displayed in the lis to of tables. Options are Select All, Status, Admin Portals, IPv4 Address, IPv6 Address, Version, Plugin, Release, Boot, Collection or Reset to Defaults.

Use the settings icon to set the pool to use for Plugin and Jail Manager storage.

Use Browse a Collection to select 3rd party applications from either the iXsystems or Community libraries.

Use REFRESH INDEX to update the index of applications.

Use INSTALL to display the Plugins Add configuration screen and to access the ADVANCED PLUGIN INSTALLATION button to display advanced Plugin and jail configuration screens.

Individual Plugin Screen

Click the chevron_right icon to display the individual plugin screen with the IP address and name for the plugin, the release and version and Github location for the collection. It includes additional action options for that plugin.

Click the expand_more icon to collaspe the individual plugin screen.

PluginDetailScreen

Name	Description
Manage	Displays the System Overview screen for that application. For example, the netdatajail system overview with CPU and load graphics and options to view other information about this application.
MOUNT POINTS	Displays the Jails Mount Points of nameofpluginjail screen. Click ACTIONS and select either Add to create a mount point for the jail used by the plugin, or Go Back to Jails to open the Jails screen. A mount point gives a jail access to storage located elsewhere on the system. You must stop a jail before adding, editing, or deleting a mount point. See Additional Storage for more details.
RESTART	Starts a stopped plugin.
STOP	Stops a plugin and the associated jail.
UPDATE	Displays the Update plugin dialog where you can select the option to Update jail as well. Select Confirm to activate the UPDATE button.
Uninstall	Displays a verification dialog for the plugin and related jail. Type the name displayed in the dialog and select Confirm to activate the DELETE button.

Plugin Add Screen

Use the Add screen to install the plugin highlighted on the Plugins screen for a simple basic install of a third party application. Use the ADVANCED PLUGIN INSTALLATION button to open the advanced configuration screens with all possible configuration settings for the plugin and related jail. This form is recommended only for advanced users with very specific requirements for a jail.

PluginsAddScreen

Setting	Description
Plugin Name	Displays the name of the plugin highliged on the Plugin screen.
Jail Name	Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
DHCP	Select to allow DHCP to configure networking for the jail.
NAT	Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
IPv4 Interface	Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address	Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask	Select the IPv4 netmask for the jail from the dropdown list.
IPv6 Interface	Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address	Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Prefix	Select the IPv6 prefix for the jail from the dropdown list.
Advanced Plugin Installation	Opens the advanced configuration screens. This form is recommended only for advanced users with very specific requirements for a jail.

Advanced Plugin Installation

The Advanced Plugin Installation screens include four expandable configuration areas:

Basic Properties
Jail Properties
Network Properties
Custom Properties

Click the expand_more icon to collaspe any area of configuration settings.

Use Next to advance to the next configuration settings section, or click the expand_less icon to expand the configuration settings area.

Jail Basic Properties Screen

Name	Description
Plugins Name	Displays the name of the plugin highlighed on the Plugins screen. This field is not editable.
Name	Required field. Enter a name that can include letters, numbers, periods (.), dashes (-), and underscores (_).
DHCP Autoconfigure IPv4	Select to auto-configure jail networking with the Dynamic Host Configuration Protocol (DHCP). Also select VNET and Berkeley Packet Filter with this selected option.
NAT	Network Address Translation (NAT) to transform local network IP addresses into a single IP address. Select when the jail shares a single connection to the Internet with other systems on the network.
VNET	Select to use VNET(9) to emulate network devices for the jail. A fully virtualized per-jail network stack is installed.
Berkeley Packet Filter	Select to use the Berkeley Packet Filter (BPF(4)) to data-link layers in a protocol independent fashion.
vnet_default_interface	Select the default VNET interface from options on the dropdown list. Options are none, auto, or specific interfaces on your system. Only takes effect when VNET is selected. Choose a specific interface or set to auto to use the interface that has the default route. Choose none to not set a default VNET interface.
IPv4 Interface	Select the IPv4 interface for the jail from the dropdown list.
IPv4 Address	Enter the IPv4 address for VNET(9) and shared IP jails.
IPv4 Netmask	Select the IPv4 netmask for the jail from the dropdown list.
IPv4 Default Router	Enter a valid IPv4 address to use as the default route. Enter none to configure the jail with no IPv4 default route. A jail without a default route is not be able to access any networks.
AutoConfigure IPv6	Select to use Stateless Address Auto Configuration (SLAAC) to autoconfigure IPv6 in the jail.
IPv6 Interface	Select the IPv6 interface for the jail from the dropdown list.
IPv6 Address	Enter the IPv6 address for VNET(9) and shared IP jails.
IPv6 Netmask	Select the IPv6 prefix for the jail from the dropdown list.
IPv6 Default Router	Enter a valid IPv6 address to use as the default route. Enter none to configure the jail without an IPv6 default route. A jail without a default route is not be able to access any networks.
Auto Start	Select to auto-start the jail at system boot time. Jails are started and stopped based on iocage priority. Set in the Custom Properties priority field.

Jail Properties Screen

Name	Description
devfs_ruleset	The devfs(8) ruleset number to enforce when mounting devfs in the jail. The default 0 means no ruleset is enforced. Mounting devfs inside a jail is only possible when the allow_mount and allow_mount_devfs permissions are enabled and enforce_statfs is set to a value lower than 2.
exec_start	Commands to run in the jail environment after the jail is created. Example: `sh /etc/rc`. The pseudo-parameters section of JAIL(8) describes exec.start usage.
exec_stop	Commands to run in the jail environment before the jail is removed and after exec.prestop commands complete. Example: sh /etc/rc.shutdown.
exec_prestart	Commands to run in the system environment before a jail is started.
exec_poststart	Commands to run in the system environment after a jail is started and after any exec_start commands are finished.
exec_prestop	Commands to run in the system environment before a jail is stopped.
exec_poststop	Commands to run in the system environment after a jail is stopped.
exec_jail_user	Enter either root or another valid username. Inside the jail, this user runs the commands.
exec_system_user	Run commands in the jail as this user. By default, the current user runs these commands.
securelevel	The value of the jail securelevel sysctl. A jail never has a lower securelevel setting than the host system. Setting this parameter allows a higher securelevel setting. If the host system securelevel* setting is changed, the jail secure level is at least as secure.
sysvmsg	Allows or denies access to SYSV IPC message primitives. Use the dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select *New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmsg related system calls.
sysvsem	Allows or denies access to SYSV IPC semaphore primitives. Use dropdown list to select from Inherit, New or Disable. Use Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvmem related system calls.
sysvshm	Allows or denies access to SYSV IPC shared memory primitives. Use dropdown list to select from Inherit, New or Disable. Select Inherit to make all IPC objects on the system visible to the jail. Select New to make only objects the jail creates using the private key namespace visible. The system and parent jails have access to the jail objects but not private keys. Select Disable when the jail cannot perform any sysvshm related system calls.
vnet_interfaces	A space-delimited list of network interfaces attached to a VNET enabled jail after it is created. Interfaces are released when the jail is removed.
allow_set_hostname	Select to allow changing the jail host name with hostname(1) or sethostname(3).
allow_sysvipc	Select to choose whether a process in the jail has access to System V IPC primitives. Equivalent to setting sysvmsg, sysvsem, and sysvshm to Inherit. Deprecated in FreeBSD 11.0 and newer! Use sysvmsg, sysvsem, and sysvshm instead.
allow_raw_sockets	Select to allow raw sockets. Utilities like ping(8) and traceroute(8) require raw sockets. When selected, source IP addresses are enforced to comply with the IP addresses bound to the jail, ignoring the IP_HDRINCL flag on the socket.
allow_chflags	Select to treat jail users as privileged and allow the manipulation of system file flags. Secure level constraints are still enforced.
allow_mlock	Enables running services that require mlock(2) in a jail.
allow_vmm	Allows the jail to access the bhyve virtual machine monitor (VMM). The jail must have FreeBSD 12.0 or newer installed with the vmm(4) kernel module loaded.
allow_quotas	Select to allow the jail root to administer quotas on jail file systems. This includes file systems the jail shares with other jails or with non-jailed parts of the system.
allow_socket_af	Select to allow access to other protocol stacks beyond IPv4, IPv6, local (UNIX), and route. Warning, jail functionality does not exist for all protocol stacks.
allow_mount	Select to allow privileged users inside the jail to mount and unmount file system types marked as jail-friendly. Also use dropdown list to select from list of options allow_mount_devfs, allow_mount_fusefs, allow_mount_nullfs, allow_mount_procfs, allow_mount_tmpfs or allow_mount_zfs.

Network Properties Screen

Name	Description
Interfaces	Use to enter up to four interface configurations in the format interface:bridge, separated by a comma (,), where the left value is the virtual VNET interface name and the right value is the bridge name where to attach the virtual interface.
host_domainname	Use to enter a NIS domain name for the jail.
host_hostname	Use to set the jail host name. Defaults to the jail UUID.
resolver	Use to add lines to the jail resolv.conf. For example, nameserver IP;search domain.local. Delimit fields with a semicolon (;), this translates as new lines in resolv.conf. Enter none to inherit resolv.conf from the host.
exec_fib	Enter the routing table (FIB) to use when running commands inside the jail.
ip4.saddrsel	Select to disable IPv4 source address selection for the jail in favor of the primary IPv4 address of the jail. Only available when the jail is not configured to use VNET.
ip6.saddrsel	Select to disable IPv6 source address selection for the jail in favor of the primary IPv6 address of the jail. Only available when the jail is not configured to use VNET.
ip4	Controls the availability of IPv4 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip4_addr. Select Disable to stop the jail from using IPv4 entirely.
ip6	Controls the availability of IPv6 addresses. Use the dropdown list to select from options inherit, New or Disable. Select Inherit to allow unrestricted access to all system addresses. Select New to restrict addresses with ip6_addr. Select Disable to stop the jail from using IPv6 entirely.
mac_prefix	Enter a valid MAC address vendor prefix. For example, E4F4C6.
vnet0_mac	Use to assign a fixed MAC address. Leave this field empty to generate random MAC addresses for the host and jail. To assign fixed MAC addresses, enter the MAC address to assign to the host, a space, then the MAC address to assign to the jail.

Custom Properties Screen

Reporting

The Reporting screen displays graphs of system information for CPU, disk, memory, network, NFS, partition, target, UPS, ZFS, and system functions.

What does TrueNAS use for reporting?

TrueNAS uses Graphite for metric gathering and visualizations.

TrueNAS uses collectd to provide reporting statistics.

Reporting data is saved to permit viewing and monitoring usage trends over time. This data is preserved across system upgrades and restarts.

Data files are saved in /var/db/collectd/rrd/.

Because reporting data is frequently written it should not be stored on the boot pool or operating system device.

ReportingScreenDisplayOptions

Reporting Screen Display Options

Setting	Description
CPU	Displays the CPU Temperature, CPU Usage, and System Load graphs.
Disk	Displays graphs for each disk in the system.
Memory	Displays both the Physical memory utilization and Swap utilization graphs.
Network	Displays an Interface Traffic graph for each interface in the system.
NFS	Displays the NFS Stats (Operations) and NFS Stats (Bytes) graphs.
Partition	Displays graphs showing disk space allocations.
System	Displays both the Processes and Uptime graphs.
Target	Displays graphs only for systems with iSCSI ports configured and shows the bandwidth statistics for iSCSI ports.
UPS	Displays the graphs only if the system is configured for and uses a UPS.
ZFS	Displays the ARC Size, ARC Hit Ratio, ARC Requests demand_data, ARC Requests demand_metadata, ARC Requests prefetch_data, and ARC Requests prefetch_metadata graphs with the Arc and L2 gigabytes and hits (%), and the hits, misses and total number of requests.

Interacting with Graphs

Click on and drag a certain range of the graph to expand the information displayed in that selected area in the Graph. Click on the icon to zoom in on the graph. Click on the icon to zoom out on the graph. Click the to move the graph forward. Click the to move the graph backward.

Graphs

CPU Graphs

CPU graphs show the amount of time spent by the CPU in various states such as executing user code, executing system code, and being idle. Graphs of short-, mid-, and long-term load are shown, along with CPU temperature graphs.

Disk Graphs

Diskgraphs show read and write statistics on I/O, percent busy, latency, operations per second, pending I/O requests, and disk temperature. Use the Devices dropdown list to select one or all system disks for which you want to display a graph. Use the Metrics dropdown list to select one or all disk measurements to display.

Disk Metrics Options

Setting	Description
Select All	Displays all available graphs for any or all disks selected on the Devices dropdown list.
Disk Temperature	Displays the minimum, maximum, and mean temperature readings for the disk selected.
Disk Busy	Displays what percentage of the selected disk is busy.
Disk Latency	Displays the disk latency in time (msec) for read, write and delete operations.
Disk Operations detailed	Displays the read, write, and delete operations for the selected disk.
Pending I/O	Displays then length of pending I/O requests for the selected disk.
Disk I/O	Displays the disk read and write I/O stats in bytes/s.

Temperature monitoring for the disk is disabled if HDD Standby is enabled. Check the Storage > Disks Edit Disk* configuration form for any or all disks in the system if you do not see the temperature monitoring graph.

Memory Graphs

Memory graphs display memory usage and swap graphs display the amount of free and used swap space.

Network Graphs

Network graphs report received and transmitted traffic in megabytes per second for each configured interface.

NFS Graphs

NFS graphs show information about the number of procedure calls for each procedure and whether the system is a server or client.

Partition Graphs

Partition graphs display free, used, and reserved space for each pool and dataset. However, the disk space used by an individual zvol is not displayed as it is a block device.

System Graphs

System graphs display the number of processes. It is grouped by state.

Target Graphs

UPS Graphs

UPS graphs show statistics about an uninterruptible power supply (UPS) using Network UPS tools. Statistics include voltages, currents, power, frequencies, load, and temperatures.

ZFS Graphs

ZFS graphs show compressed physical ARC size, hit ratio, demand data, demand metadata, and prefetch data.

iXsystems Customer Support
Support Portal	https://support.ixsystems.com
Email	support@ixsystems.com
Telephone and Other Resources	https://www.ixsystems.com/support/

UI Reference Guide

Table of Contents

Top Menu

Logos and Side Panel Controls

Status Icons

Task Manager

Alerts

Settings

Power

Top Menu Contents

Task Manager

Alert Notifications

Alerts Panel Options

Alert Levels

Interface Preferences

General Preferences

Manage Custom Themes

Custom Theme Editor

Create Theme

GENERAL

COLORS

PREVIEW

Preview

Dashboard

Dashboard Cards

Accounts

Accounts Contents

Groups

Groups List

Groups Configuration

Users

Users List

User Configuration

Identification

User ID and Groups

Directories and Permissions

Authentication

System

System Content

General

NTP Servers

Boot

Advanced

Email

General Options

Send Mail Method

SMTP

GMail OAuth

System Dataset

Reporting

Alert Services

Alert Settings

Cloud Credentials

Name and Provider

Authentication

Amazon S3 Advanced Options

BackBlaze B2

Box

DropBox

FTP

Google Cloud Storage

Google Drive

HTTP

Hubic

Mega

Microsoft Azure Blob Storage

Microsoft One Drive

OpenStack Swift

pCloud

SFTP

WebDav

Yandex

SSH Connections

SSH Keypairs

Tunables

Update

CAs

Identifier and Type

Internal and Intermediate CAs

Certificate Options