Description
This article explains how to block access to IPFS gateways through the FortiGate.
As a primer, IPFS (InterPlanetary File System) is a distributed filesystem that allows users to host/receive content in a peer-to-peer manner, similar to BitTorrent. To access the IPFS network, users can either install an IPFS software client locally or they can connect to an IPFS gateway hosted on the Internet. These gateways act as proxy servers and allow HTTP/HTTPS-based web clients to access the rest of the IPFS network.
With that in mind, administrators may want to block access to these IPFS gateways through the FortiGate since sites hosted on the IPFS network may contain malicious or inappropriate content for the business network.
Scope
FortiGate.
Solution
Administrators can use the 'IPFS-IPFS.Gateway' Internet Service Database object in a Firewall Policy to block access to known IPFS gateways.
- Go to Policy & Objects -> Firewall Policy, then select 'Create New'.
- In the new Firewall Policy, select the Destination field and add the 'IPFS-IPFS.Gateway' Internet Service object.
- In the below example, the Firewall Policy will Deny users in the MANAGED network from accessing IPFS gateways via the INTERNET interface.
