fortinet.fortimanager.fmgr_voip_profile – Configure VoIP profiles.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| adom string / required | the parameter (adom) in requested url | |||
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | ||
| enable_log boolean |
| Enable/Disable logging for task | ||
| proposed_method string |
| The overridden method for the underlying Json RPC request | ||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | |||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | |||
| state string / required |
| the directive to create, update or delete an object | ||
| voip_profile dictionary | the top level parameters set | |||
| comment string | Comment. | |||
| feature-set string |
| Flow or proxy inspection feature set. | ||
| name string | Profile name. | |||
| sccp dictionary | no description | |||
| block-mcast string |
| Enable/disable block multicast RTP connections. | ||
| log-call-summary string |
| Enable/disable log summary of SCCP calls. | ||
| log-violations string |
| Enable/disable logging of SCCP violations. | ||
| max-calls integer | Maximum calls per minute per SCCP client (max 65535). | |||
| status string |
| Enable/disable SCCP. | ||
| verify-header string |
| Enable/disable verify SCCP header content. | ||
| sip dictionary | no description | |||
| ack-rate integer | ACK request rate limit (per second, per policy). | |||
| ack-rate-track string |
| Track the packet protocol field. | ||
| block-ack string |
| Enable/disable block ACK requests. | ||
| block-bye string |
| Enable/disable block BYE requests. | ||
| block-cancel string |
| Enable/disable block CANCEL requests. | ||
| block-geo-red-options string |
| Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. | ||
| block-info string |
| Enable/disable block INFO requests. | ||
| block-invite string |
| Enable/disable block INVITE requests. | ||
| block-long-lines string |
| Enable/disable block requests with headers exceeding max-line-length. | ||
| block-message string |
| Enable/disable block MESSAGE requests. | ||
| block-notify string |
| Enable/disable block NOTIFY requests. | ||
| block-options string |
| Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. | ||
| block-prack string |
| Enable/disable block prack requests. | ||
| block-publish string |
| Enable/disable block PUBLISH requests. | ||
| block-refer string |
| Enable/disable block REFER requests. | ||
| block-register string |
| Enable/disable block REGISTER requests. | ||
| block-subscribe string |
| Enable/disable block SUBSCRIBE requests. | ||
| block-unknown string |
| Block unrecognized SIP requests (enabled by default). | ||
| block-update string |
| Enable/disable block UPDATE requests. | ||
| bye-rate integer | BYE request rate limit (per second, per policy). | |||
| bye-rate-track string |
| Track the packet protocol field. | ||
| call-keepalive integer | Continue tracking calls with no RTP for this many minutes. | |||
| cancel-rate integer | CANCEL request rate limit (per second, per policy). | |||
| cancel-rate-track string |
| Track the packet protocol field. | ||
| contact-fixup string |
| Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port. | ||
| hnt-restrict-source-ip string |
| Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. | ||
| hosted-nat-traversal string |
| Hosted NAT Traversal (HNT). | ||
| info-rate integer | INFO request rate limit (per second, per policy). | |||
| info-rate-track string |
| Track the packet protocol field. | ||
| invite-rate integer | INVITE request rate limit (per second, per policy). | |||
| invite-rate-track string |
| Track the packet protocol field. | ||
| ips-rtp string |
| Enable/disable allow IPS on RTP. | ||
| log-call-summary string |
| Enable/disable logging of SIP call summary. | ||
| log-violations string |
| Enable/disable logging of SIP violations. | ||
| malformed-header-allow string |
| Action for malformed Allow header. | ||
| malformed-header-call-id string |
| Action for malformed Call-ID header. | ||
| malformed-header-contact string |
| Action for malformed Contact header. | ||
| malformed-header-content-length string |
| Action for malformed Content-Length header. | ||
| malformed-header-content-type string |
| Action for malformed Content-Type header. | ||
| malformed-header-cseq string |
| Action for malformed CSeq header. | ||
| malformed-header-expires string |
| Action for malformed Expires header. | ||
| malformed-header-from string |
| Action for malformed From header. | ||
| malformed-header-max-forwards string |
| Action for malformed Max-Forwards header. | ||
| malformed-header-no-proxy-require string |
| Action for malformed SIP messages without Proxy-Require header. | ||
| malformed-header-no-require string |
| Action for malformed SIP messages without Require header. | ||
| malformed-header-p-asserted-identity string |
| Action for malformed P-Asserted-Identity header. | ||
| malformed-header-rack string |
| Action for malformed RAck header. | ||
| malformed-header-record-route string |
| Action for malformed Record-Route header. | ||
| malformed-header-route string |
| Action for malformed Route header. | ||
| malformed-header-rseq string |
| Action for malformed RSeq header. | ||
| malformed-header-sdp-a string |
| Action for malformed SDP a line. | ||
| malformed-header-sdp-b string |
| Action for malformed SDP b line. | ||
| malformed-header-sdp-c string |
| Action for malformed SDP c line. | ||
| malformed-header-sdp-i string |
| Action for malformed SDP i line. | ||
| malformed-header-sdp-k string |
| Action for malformed SDP k line. | ||
| malformed-header-sdp-m string |
| Action for malformed SDP m line. | ||
| malformed-header-sdp-o string |
| Action for malformed SDP o line. | ||
| malformed-header-sdp-r string |
| Action for malformed SDP r line. | ||
| malformed-header-sdp-s string |
| Action for malformed SDP s line. | ||
| malformed-header-sdp-t string |
| Action for malformed SDP t line. | ||
| malformed-header-sdp-v string |
| Action for malformed SDP v line. | ||
| malformed-header-sdp-z string |
| Action for malformed SDP z line. | ||
| malformed-header-to string |
| Action for malformed To header. | ||
| malformed-header-via string |
| Action for malformed VIA header. | ||
| malformed-request-line string |
| Action for malformed request line. | ||
| max-body-length integer | Maximum SIP message body length (0 meaning no limit). | |||
| max-dialogs integer | Maximum number of concurrent calls/dialogs (per policy). | |||
| max-idle-dialogs integer | Maximum number established but idle dialogs to retain (per policy). | |||
| max-line-length integer | Maximum SIP header line length (78-4096). | |||
| message-rate integer | MESSAGE request rate limit (per second, per policy). | |||
| message-rate-track string |
| Track the packet protocol field. | ||
| nat-port-range string | RTP NAT port range. | |||
| nat-trace string |
| Enable/disable preservation of original IP in SDP i line. | ||
| no-sdp-fixup string |
| Enable/disable no SDP fix-up. | ||
| notify-rate integer | NOTIFY request rate limit (per second, per policy). | |||
| notify-rate-track string |
| Track the packet protocol field. | ||
| open-contact-pinhole string |
| Enable/disable open pinhole for non-REGISTER Contact port. | ||
| open-record-route-pinhole string |
| Enable/disable open pinhole for Record-Route port. | ||
| open-register-pinhole string |
| Enable/disable open pinhole for REGISTER Contact port. | ||
| open-via-pinhole string |
| Enable/disable open pinhole for Via port. | ||
| options-rate integer | OPTIONS request rate limit (per second, per policy). | |||
| options-rate-track string |
| Track the packet protocol field. | ||
| prack-rate integer | PRACK request rate limit (per second, per policy). | |||
| prack-rate-track string |
| Track the packet protocol field. | ||
| preserve-override string |
| Override i line to preserve original IPS (default: append). | ||
| provisional-invite-expiry-time integer | Expiry time for provisional INVITE (10 - 3600 sec). | |||
| publish-rate integer | PUBLISH request rate limit (per second, per policy). | |||
| publish-rate-track string |
| Track the packet protocol field. | ||
| refer-rate integer | REFER request rate limit (per second, per policy). | |||
| refer-rate-track string |
| Track the packet protocol field. | ||
| register-contact-trace string |
| Enable/disable trace original IP/port within the contact header of REGISTER requests. | ||
| register-rate integer | REGISTER request rate limit (per second, per policy). | |||
| register-rate-track string |
| Track the packet protocol field. | ||
| rfc2543-branch string |
| Enable/disable support via branch compliant with RFC 2543. | ||
| rtp string |
| Enable/disable create pinholes for RTP traffic to traverse firewall. | ||
| ssl-algorithm string |
| Relative strength of encryption algorithms accepted in negotiation. | ||
| ssl-auth-client string | Require a client certificate and authenticate it with the peer/peergrp. | |||
| ssl-auth-server string | Authenticate the servers certificate with the peer/peergrp. | |||
| ssl-client-certificate string | Name of Certificate to offer to server if requested. | |||
| ssl-client-renegotiation string |
| Allow/block client renegotiation by server. | ||
| ssl-max-version string |
| Highest SSL/TLS version to negotiate. | ||
| ssl-min-version string |
| Lowest SSL/TLS version to negotiate. | ||
| ssl-mode string |
| SSL/TLS mode for encryption & decryption of traffic. | ||
| ssl-pfs string |
| SSL Perfect Forward Secrecy. | ||
| ssl-send-empty-frags string |
| Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). | ||
| ssl-server-certificate string | Name of Certificate return to the client in every SSL connection. | |||
| status string |
| Enable/disable SIP. | ||
| strict-register string |
| Enable/disable only allow the registrar to connect. | ||
| subscribe-rate integer | SUBSCRIBE request rate limit (per second, per policy). | |||
| subscribe-rate-track string |
| Track the packet protocol field. | ||
| unknown-header string |
| Action for unknown SIP header. | ||
| update-rate integer | UPDATE request rate limit (per second, per policy). | |||
| update-rate-track string |
| Track the packet protocol field. | ||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | |||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | ||
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure VoIP profiles.
fmgr_voip_profile:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
voip_profile:
comment: <value of string>
name: <value of string>
sccp:
block-mcast: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
max-calls: <value of integer>
status: <value in [disable, enable]>
verify-header: <value in [disable, enable]>
sip:
ack-rate: <value of integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <value of integer>
call-keepalive: <value of integer>
cancel-rate: <value of integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <value of integer>
invite-rate: <value of integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <value of integer>
max-dialogs: <value of integer>
max-idle-dialogs: <value of integer>
max-line-length: <value of integer>
message-rate: <value of integer>
nat-port-range: <value of string>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <value of integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <value of integer>
prack-rate: <value of integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <value of integer>
publish-rate: <value of integer>
refer-rate: <value of integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <value of integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <value of string>
ssl-auth-server: <value of string>
ssl-client-certificate: <value of string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <value of string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <value of integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <value of integer>
ack-rate-track: <value in [none, src-ip, dest-ip]>
bye-rate-track: <value in [none, src-ip, dest-ip]>
cancel-rate-track: <value in [none, src-ip, dest-ip]>
info-rate-track: <value in [none, src-ip, dest-ip]>
invite-rate-track: <value in [none, src-ip, dest-ip]>
malformed-header-no-proxy-require: <value in [pass, discard, respond]>
malformed-header-no-require: <value in [pass, discard, respond]>
message-rate-track: <value in [none, src-ip, dest-ip]>
notify-rate-track: <value in [none, src-ip, dest-ip]>
options-rate-track: <value in [none, src-ip, dest-ip]>
prack-rate-track: <value in [none, src-ip, dest-ip]>
publish-rate-track: <value in [none, src-ip, dest-ip]>
refer-rate-track: <value in [none, src-ip, dest-ip]>
register-rate-track: <value in [none, src-ip, dest-ip]>
subscribe-rate-track: <value in [none, src-ip, dest-ip]>
update-rate-track: <value in [none, src-ip, dest-ip]>
feature-set: <value in [flow, proxy]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_voip_profile_module.html