fortinet.fortimanager.fmgr_voip_profile_sip – SIP.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| adom string / required | the parameter (adom) in requested url | ||
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |
| profile string / required | the parameter (profile) in requested url | ||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||
| state string / required |
| the directive to create, update or delete an object | |
| voip_profile_sip dictionary | the top level parameters set | ||
| ack-rate integer | ACK request rate limit (per second, per policy). | ||
| block-ack string |
| Enable/disable block ACK requests. | |
| block-bye string |
| Enable/disable block BYE requests. | |
| block-cancel string |
| Enable/disable block CANCEL requests. | |
| block-geo-red-options string |
| Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. | |
| block-info string |
| Enable/disable block INFO requests. | |
| block-invite string |
| Enable/disable block INVITE requests. | |
| block-long-lines string |
| Enable/disable block requests with headers exceeding max-line-length. | |
| block-message string |
| Enable/disable block MESSAGE requests. | |
| block-notify string |
| Enable/disable block NOTIFY requests. | |
| block-options string |
| Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. | |
| block-prack string |
| Enable/disable block prack requests. | |
| block-publish string |
| Enable/disable block PUBLISH requests. | |
| block-refer string |
| Enable/disable block REFER requests. | |
| block-register string |
| Enable/disable block REGISTER requests. | |
| block-subscribe string |
| Enable/disable block SUBSCRIBE requests. | |
| block-unknown string |
| Block unrecognized SIP requests (enabled by default). | |
| block-update string |
| Enable/disable block UPDATE requests. | |
| bye-rate integer | BYE request rate limit (per second, per policy). | ||
| call-keepalive integer | Continue tracking calls with no RTP for this many minutes. | ||
| cancel-rate integer | CANCEL request rate limit (per second, per policy). | ||
| contact-fixup string |
| Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port. | |
| hnt-restrict-source-ip string |
| Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. | |
| hosted-nat-traversal string |
| Hosted NAT Traversal (HNT). | |
| info-rate integer | INFO request rate limit (per second, per policy). | ||
| invite-rate integer | INVITE request rate limit (per second, per policy). | ||
| ips-rtp string |
| Enable/disable allow IPS on RTP. | |
| log-call-summary string |
| Enable/disable logging of SIP call summary. | |
| log-violations string |
| Enable/disable logging of SIP violations. | |
| malformed-header-allow string |
| Action for malformed Allow header. | |
| malformed-header-call-id string |
| Action for malformed Call-ID header. | |
| malformed-header-contact string |
| Action for malformed Contact header. | |
| malformed-header-content-length string |
| Action for malformed Content-Length header. | |
| malformed-header-content-type string |
| Action for malformed Content-Type header. | |
| malformed-header-cseq string |
| Action for malformed CSeq header. | |
| malformed-header-expires string |
| Action for malformed Expires header. | |
| malformed-header-from string |
| Action for malformed From header. | |
| malformed-header-max-forwards string |
| Action for malformed Max-Forwards header. | |
| malformed-header-p-asserted-identity string |
| Action for malformed P-Asserted-Identity header. | |
| malformed-header-rack string |
| Action for malformed RAck header. | |
| malformed-header-record-route string |
| Action for malformed Record-Route header. | |
| malformed-header-route string |
| Action for malformed Route header. | |
| malformed-header-rseq string |
| Action for malformed RSeq header. | |
| malformed-header-sdp-a string |
| Action for malformed SDP a line. | |
| malformed-header-sdp-b string |
| Action for malformed SDP b line. | |
| malformed-header-sdp-c string |
| Action for malformed SDP c line. | |
| malformed-header-sdp-i string |
| Action for malformed SDP i line. | |
| malformed-header-sdp-k string |
| Action for malformed SDP k line. | |
| malformed-header-sdp-m string |
| Action for malformed SDP m line. | |
| malformed-header-sdp-o string |
| Action for malformed SDP o line. | |
| malformed-header-sdp-r string |
| Action for malformed SDP r line. | |
| malformed-header-sdp-s string |
| Action for malformed SDP s line. | |
| malformed-header-sdp-t string |
| Action for malformed SDP t line. | |
| malformed-header-sdp-v string |
| Action for malformed SDP v line. | |
| malformed-header-sdp-z string |
| Action for malformed SDP z line. | |
| malformed-header-to string |
| Action for malformed To header. | |
| malformed-header-via string |
| Action for malformed VIA header. | |
| malformed-request-line string |
| Action for malformed request line. | |
| max-body-length integer | Maximum SIP message body length (0 meaning no limit). | ||
| max-dialogs integer | Maximum number of concurrent calls/dialogs (per policy). | ||
| max-idle-dialogs integer | Maximum number established but idle dialogs to retain (per policy). | ||
| max-line-length integer | Maximum SIP header line length (78-4096). | ||
| message-rate integer | MESSAGE request rate limit (per second, per policy). | ||
| nat-trace string |
| Enable/disable preservation of original IP in SDP i line. | |
| no-sdp-fixup string |
| Enable/disable no SDP fix-up. | |
| notify-rate integer | NOTIFY request rate limit (per second, per policy). | ||
| open-contact-pinhole string |
| Enable/disable open pinhole for non-REGISTER Contact port. | |
| open-record-route-pinhole string |
| Enable/disable open pinhole for Record-Route port. | |
| open-register-pinhole string |
| Enable/disable open pinhole for REGISTER Contact port. | |
| open-via-pinhole string |
| Enable/disable open pinhole for Via port. | |
| options-rate integer | OPTIONS request rate limit (per second, per policy). | ||
| prack-rate integer | PRACK request rate limit (per second, per policy). | ||
| preserve-override string |
| Override i line to preserve original IPS (default: append). | |
| provisional-invite-expiry-time integer | Expiry time for provisional INVITE (10 - 3600 sec). | ||
| publish-rate integer | PUBLISH request rate limit (per second, per policy). | ||
| refer-rate integer | REFER request rate limit (per second, per policy). | ||
| register-contact-trace string |
| Enable/disable trace original IP/port within the contact header of REGISTER requests. | |
| register-rate integer | REGISTER request rate limit (per second, per policy). | ||
| rfc2543-branch string |
| Enable/disable support via branch compliant with RFC 2543. | |
| rtp string |
| Enable/disable create pinholes for RTP traffic to traverse firewall. | |
| ssl-algorithm string |
| Relative strength of encryption algorithms accepted in negotiation. | |
| ssl-auth-client string | Require a client certificate and authenticate it with the peer/peergrp. | ||
| ssl-auth-server string | Authenticate the servers certificate with the peer/peergrp. | ||
| ssl-client-certificate string | Name of Certificate to offer to server if requested. | ||
| ssl-client-renegotiation string |
| Allow/block client renegotiation by server. | |
| ssl-max-version string |
| Highest SSL/TLS version to negotiate. | |
| ssl-min-version string |
| Lowest SSL/TLS version to negotiate. | |
| ssl-mode string |
| SSL/TLS mode for encryption & decryption of traffic. | |
| ssl-pfs string |
| SSL Perfect Forward Secrecy. | |
| ssl-send-empty-frags string |
| Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). | |
| ssl-server-certificate string | Name of Certificate return to the client in every SSL connection. | ||
| status string |
| Enable/disable SIP. | |
| strict-register string |
| Enable/disable only allow the registrar to connect. | |
| subscribe-rate integer | SUBSCRIBE request rate limit (per second, per policy). | ||
| unknown-header string |
| Action for unknown SIP header. | |
| update-rate integer | UPDATE request rate limit (per second, per policy). | ||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | |
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: SIP.
fmgr_voip_profile_sip:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack-rate: <value of integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <value of integer>
call-keepalive: <value of integer>
cancel-rate: <value of integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <value of integer>
invite-rate: <value of integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <value of integer>
max-dialogs: <value of integer>
max-idle-dialogs: <value of integer>
max-line-length: <value of integer>
message-rate: <value of integer>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <value of integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <value of integer>
prack-rate: <value of integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <value of integer>
publish-rate: <value of integer>
refer-rate: <value of integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <value of integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <value of string>
ssl-auth-server: <value of string>
ssl-client-certificate: <value of string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <value of string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <value of integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <value of integer>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_voip_profile_sip_module.html