Skip to content

Latest commit

 

History

History
2764 lines (2720 loc) · 125 KB

fortios_voip_profile.rst

File metadata and controls

2764 lines (2720 loc) · 125 KB
Raw
source:fortios_voip_profile.py
orphan:

fortios_voip_profile -- Configure VoIP profiles in Fortinet's FortiOS and FortiGate.

.. versionadded:: 2.0.0

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.14

Tips

Using member operation to add an element to an existing object.

FortiOS Version Compatibility


Supported Version Ranges
fortios_voip_profile v6.0.0 -> latest

Parameters

  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
  • voip_profile - Configure VoIP profiles. type: dict more...
    Supported Version Ranges
    voip_profile v6.0.0 -> latest
    • comment - Comment. type: str more...
      Supported Version Ranges
      comment v6.0.0 -> latest
    • feature_set - IPS or voipd (SIP-ALG) inspection feature set. type: str choices: ips, voipd, flow, proxy more...
      Supported Version Ranges
      feature_set v7.0.0 -> latest
      [ips] v7.4.0 -> latest
      [voipd] v7.4.0 -> latest
      [flow] v7.0.0 -> v7.2.4
      [proxy] v7.0.0 -> v7.2.4
    • msrp - MSRP. type: dict more...
      Supported Version Ranges
      msrp v7.0.2 -> latest
      • log_violations - Enable/disable logging of MSRP violations. type: str choices: disable, enable more...
        Supported Version Ranges
        log_violations v7.0.2 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • max_msg_size - Maximum allowable MSRP message size (1-65535). type: int more...
        Supported Version Ranges
        max_msg_size v7.0.2 -> latest
      • max_msg_size_action - Action for violation of max-msg-size. type: str choices: pass, block, reset, monitor more...
        Supported Version Ranges
        max_msg_size_action v7.0.2 -> latest
        [pass] v6.0.0 -> latest
        [block] v6.0.0 -> latest
        [reset] v6.0.0 -> latest
        [monitor] v6.0.0 -> latest
      • status - Enable/disable MSRP. type: str choices: disable, enable more...
        Supported Version Ranges
        status v7.0.2 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
    • name - Profile name. type: str required: true more...
      Supported Version Ranges
      name v6.0.0 -> latest
    • sccp - SCCP. type: dict more...
      Supported Version Ranges
      sccp v6.0.0 -> latest
      • block_mcast - Enable/disable block multicast RTP connections. type: str choices: disable, enable more...
        Supported Version Ranges
        block_mcast v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • log_call_summary - Enable/disable log summary of SCCP calls. type: str choices: disable, enable more...
        Supported Version Ranges
        log_call_summary v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • log_violations - Enable/disable logging of SCCP violations. type: str choices: disable, enable more...
        Supported Version Ranges
        log_violations v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • max_calls - Maximum calls per minute per SCCP client (max 65535). type: int more...
        Supported Version Ranges
        max_calls v6.0.0 -> latest
      • status - Enable/disable SCCP. type: str choices: disable, enable more...
        Supported Version Ranges
        status v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • verify_header - Enable/disable verify SCCP header content. type: str choices: disable, enable more...
        Supported Version Ranges
        verify_header v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
    • sip - SIP. type: dict more...
      Supported Version Ranges
      sip v6.0.0 -> latest
      • ack_rate - ACK request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        ack_rate v6.0.0 -> latest
      • ack_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        ack_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • block_ack - Enable/disable block ACK requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_ack v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_bye - Enable/disable block BYE requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_bye v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_cancel - Enable/disable block CANCEL requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_cancel v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_geo_red_options - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. type: str choices: disable, enable more...
        Supported Version Ranges
        block_geo_red_options v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_info - Enable/disable block INFO requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_info v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_invite - Enable/disable block INVITE requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_invite v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_long_lines - Enable/disable block requests with headers exceeding max-line-length. type: str choices: disable, enable more...
        Supported Version Ranges
        block_long_lines v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_message - Enable/disable block MESSAGE requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_message v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_notify - Enable/disable block NOTIFY requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_notify v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_options - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. type: str choices: disable, enable more...
        Supported Version Ranges
        block_options v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_prack - Enable/disable block prack requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_prack v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_publish - Enable/disable block PUBLISH requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_publish v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_refer - Enable/disable block REFER requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_refer v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_register - Enable/disable block REGISTER requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_register v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_subscribe - Enable/disable block SUBSCRIBE requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_subscribe v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_unknown - Block unrecognized SIP requests (enabled by default). type: str choices: disable, enable more...
        Supported Version Ranges
        block_unknown v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • block_update - Enable/disable block UPDATE requests. type: str choices: disable, enable more...
        Supported Version Ranges
        block_update v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • bye_rate - BYE request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        bye_rate v6.0.0 -> latest
      • bye_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        bye_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • call_id_regex - Validate PCRE regular expression for Call-Id header value. type: str more...
        Supported Version Ranges
        call_id_regex v7.4.0 -> latest
      • call_keepalive - Continue tracking calls with no RTP for this many minutes. type: int more...
        Supported Version Ranges
        call_keepalive v6.0.0 -> latest
      • cancel_rate - CANCEL request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        cancel_rate v6.0.0 -> latest
      • cancel_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        cancel_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • contact_fixup - Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port. type: str choices: disable, enable more...
        Supported Version Ranges
        contact_fixup v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • content_type_regex - Validate PCRE regular expression for Content-Type header value. type: str more...
        Supported Version Ranges
        content_type_regex v7.4.0 -> latest
      • hnt_restrict_source_ip - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. type: str choices: disable, enable more...
        Supported Version Ranges
        hnt_restrict_source_ip v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • hosted_nat_traversal - Hosted NAT Traversal (HNT). type: str choices: disable, enable more...
        Supported Version Ranges
        hosted_nat_traversal v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • info_rate - INFO request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        info_rate v6.0.0 -> latest
      • info_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        info_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • invite_rate - INVITE request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        invite_rate v6.0.0 -> latest
      • invite_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        invite_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • ips_rtp - Enable/disable allow IPS on RTP. type: str choices: disable, enable more...
        Supported Version Ranges
        ips_rtp v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • log_call_summary - Enable/disable logging of SIP call summary. type: str choices: disable, enable more...
        Supported Version Ranges
        log_call_summary v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • log_violations - Enable/disable logging of SIP violations. type: str choices: disable, enable more...
        Supported Version Ranges
        log_violations v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • malformed_header_allow - Action for malformed Allow header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_allow v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_call_id - Action for malformed Call-ID header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_call_id v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_contact - Action for malformed Contact header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_contact v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_content_length - Action for malformed Content-Length header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_content_length v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_content_type - Action for malformed Content-Type header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_content_type v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_cseq - Action for malformed CSeq header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_cseq v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_expires - Action for malformed Expires header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_expires v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_from - Action for malformed From header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_from v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_max_forwards - Action for malformed Max-Forwards header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_max_forwards v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_no_proxy_require - Action for malformed SIP messages without Proxy-Require header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_no_proxy_require v7.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_no_require - Action for malformed SIP messages without Require header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_no_require v7.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_p_asserted_identity - Action for malformed P-Asserted-Identity header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_p_asserted_identity v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_rack - Action for malformed RAck header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_rack v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_record_route - Action for malformed Record-Route header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_record_route v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_route - Action for malformed Route header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_route v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_rseq - Action for malformed RSeq header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_rseq v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_a - Action for malformed SDP a line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_a v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_b - Action for malformed SDP b line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_b v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_c - Action for malformed SDP c line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_c v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_i - Action for malformed SDP i line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_i v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_k - Action for malformed SDP k line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_k v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_m - Action for malformed SDP m line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_m v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_o - Action for malformed SDP o line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_o v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_r - Action for malformed SDP r line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_r v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_s - Action for malformed SDP s line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_s v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_t - Action for malformed SDP t line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_t v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_v - Action for malformed SDP v line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_v v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_sdp_z - Action for malformed SDP z line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_sdp_z v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_to - Action for malformed To header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_to v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_header_via - Action for malformed VIA header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_header_via v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • malformed_request_line - Action for malformed request line. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        malformed_request_line v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • max_body_length - Maximum SIP message body length (0 meaning no limit). type: int more...
        Supported Version Ranges
        max_body_length v6.0.0 -> latest
      • max_dialogs - Maximum number of concurrent calls/dialogs (per policy). type: int more...
        Supported Version Ranges
        max_dialogs v6.0.0 -> latest
      • max_idle_dialogs - Maximum number established but idle dialogs to retain (per policy). type: int more...
        Supported Version Ranges
        max_idle_dialogs v6.0.0 -> latest
      • max_line_length - Maximum SIP header line length (78-4096). type: int more...
        Supported Version Ranges
        max_line_length v6.0.0 -> latest
      • message_rate - MESSAGE request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        message_rate v6.0.0 -> latest
      • message_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        message_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • nat_port_range - RTP NAT port range. type: str more...
        Supported Version Ranges
        nat_port_range v6.2.0 -> latest
      • nat_trace - Enable/disable preservation of original IP in SDP i line. type: str choices: disable, enable more...
        Supported Version Ranges
        nat_trace v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • no_sdp_fixup - Enable/disable no SDP fix-up. type: str choices: disable, enable more...
        Supported Version Ranges
        no_sdp_fixup v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • notify_rate - NOTIFY request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        notify_rate v6.0.0 -> latest
      • notify_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        notify_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • open_contact_pinhole - Enable/disable open pinhole for non-REGISTER Contact port. type: str choices: disable, enable more...
        Supported Version Ranges
        open_contact_pinhole v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • open_record_route_pinhole - Enable/disable open pinhole for Record-Route port. type: str choices: disable, enable more...
        Supported Version Ranges
        open_record_route_pinhole v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • open_register_pinhole - Enable/disable open pinhole for REGISTER Contact port. type: str choices: disable, enable more...
        Supported Version Ranges
        open_register_pinhole v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • open_via_pinhole - Enable/disable open pinhole for Via port. type: str choices: disable, enable more...
        Supported Version Ranges
        open_via_pinhole v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • options_rate - OPTIONS request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        options_rate v6.0.0 -> latest
      • options_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        options_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • prack_rate - PRACK request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        prack_rate v6.0.0 -> latest
      • prack_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        prack_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • preserve_override - Override i line to preserve original IPs . type: str choices: disable, enable more...
        Supported Version Ranges
        preserve_override v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • provisional_invite_expiry_time - Expiry time (10-3600, in seconds) for provisional INVITE. type: int more...
        Supported Version Ranges
        provisional_invite_expiry_time v6.0.0 -> latest
      • publish_rate - PUBLISH request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        publish_rate v6.0.0 -> latest
      • publish_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        publish_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • refer_rate - REFER request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        refer_rate v6.0.0 -> latest
      • refer_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        refer_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • register_contact_trace - Enable/disable trace original IP/port within the contact header of REGISTER requests. type: str choices: disable, enable more...
        Supported Version Ranges
        register_contact_trace v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • register_rate - REGISTER request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        register_rate v6.0.0 -> latest
      • register_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        register_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • rfc2543_branch - Enable/disable support via branch compliant with RFC 2543. type: str choices: disable, enable more...
        Supported Version Ranges
        rfc2543_branch v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • rtp - Enable/disable create pinholes for RTP traffic to traverse firewall. type: str choices: disable, enable more...
        Supported Version Ranges
        rtp v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low more...
        Supported Version Ranges
        ssl_algorithm v6.0.0 -> latest
        [high] v6.0.0 -> latest
        [medium] v6.0.0 -> latest
        [low] v6.0.0 -> latest
      • ssl_auth_client - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str more...
        Supported Version Ranges
        ssl_auth_client v6.0.0 -> latest
      • ssl_auth_server - Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str more...
        Supported Version Ranges
        ssl_auth_server v6.0.0 -> latest
      • ssl_client_certificate - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. type: str more...
        Supported Version Ranges
        ssl_client_certificate v6.0.0 -> latest
      • ssl_client_renegotiation - Allow/block client renegotiation by server. type: str choices: allow, deny, secure more...
        Supported Version Ranges
        ssl_client_renegotiation v6.0.0 -> latest
        [allow] v6.0.0 -> latest
        [deny] v6.0.0 -> latest
        [secure] v6.0.0 -> latest
      • ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...
        Supported Version Ranges
        ssl_max_version v6.0.0 -> latest
        [ssl-3.0] v6.0.0 -> latest
        [tls-1.0] v6.0.0 -> latest
        [tls-1.1] v6.0.0 -> latest
        [tls-1.2] v6.0.0 -> latest
        [tls-1.3] v6.2.0 -> latest
      • ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3 more...
        Supported Version Ranges
        ssl_min_version v6.0.0 -> latest
        [ssl-3.0] v6.0.0 -> latest
        [tls-1.0] v6.0.0 -> latest
        [tls-1.1] v6.0.0 -> latest
        [tls-1.2] v6.0.0 -> latest
        [tls-1.3] v6.2.0 -> latest
      • ssl_mode - SSL/TLS mode for encryption & decryption of traffic. type: str choices: off, full more...
        Supported Version Ranges
        ssl_mode v6.0.0 -> latest
        [off] v6.0.0 -> latest
        [full] v6.0.0 -> latest
      • ssl_pfs - SSL Perfect Forward Secrecy. type: str choices: require, deny, allow more...
        Supported Version Ranges
        ssl_pfs v6.0.0 -> latest
        [require] v6.0.0 -> latest
        [deny] v6.0.0 -> latest
        [allow] v6.0.0 -> latest
      • ssl_send_empty_frags - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). type: str choices: enable, disable more...
        Supported Version Ranges
        ssl_send_empty_frags v6.0.0 -> latest
        [enable] v6.0.0 -> latest
        [disable] v6.0.0 -> latest
      • ssl_server_certificate - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. type: str more...
        Supported Version Ranges
        ssl_server_certificate v6.0.0 -> latest
      • status - Enable/disable SIP. type: str choices: disable, enable more...
        Supported Version Ranges
        status v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • strict_register - Enable/disable only allow the registrar to connect. type: str choices: disable, enable more...
        Supported Version Ranges
        strict_register v6.0.0 -> latest
        [disable] v6.0.0 -> latest
        [enable] v6.0.0 -> latest
      • subscribe_rate - SUBSCRIBE request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        subscribe_rate v6.0.0 -> latest
      • subscribe_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        subscribe_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest
      • unknown_header - Action for unknown SIP header. type: str choices: discard, pass, respond more...
        Supported Version Ranges
        unknown_header v6.0.0 -> latest
        [discard] v6.0.0 -> latest
        [pass] v6.0.0 -> latest
        [respond] v6.0.0 -> latest
      • update_rate - UPDATE request rate limit (per second, per policy). type: int more...
        Supported Version Ranges
        update_rate v6.0.0 -> latest
      • update_rate_track - Track the packet protocol field. type: str choices: none, src-ip, dest-ip more...
        Supported Version Ranges
        update_rate_track v7.0.0 -> latest
        [none] v6.0.0 -> latest
        [src-ip] v6.0.0 -> latest
        [dest-ip] v6.0.0 -> latest

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- name: Configure VoIP profiles.
  fortinet.fortios.fortios_voip_profile:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      voip_profile:
          comment: "Comment."
          feature_set: "ips"
          msrp:
              log_violations: "disable"
              max_msg_size: "0"
              max_msg_size_action: "pass"
              status: "disable"
          name: "default_name_10"
          sccp:
              block_mcast: "disable"
              log_call_summary: "disable"
              log_violations: "disable"
              max_calls: "0"
              status: "disable"
              verify_header: "disable"
          sip:
              ack_rate: "0"
              ack_rate_track: "none"
              block_ack: "disable"
              block_bye: "disable"
              block_cancel: "disable"
              block_geo_red_options: "disable"
              block_info: "disable"
              block_invite: "disable"
              block_long_lines: "disable"
              block_message: "disable"
              block_notify: "disable"
              block_options: "disable"
              block_prack: "disable"
              block_publish: "disable"
              block_refer: "disable"
              block_register: "disable"
              block_subscribe: "disable"
              block_unknown: "disable"
              block_update: "disable"
              bye_rate: "0"
              bye_rate_track: "none"
              call_id_regex: "<your_own_value>"
              call_keepalive: "0"
              cancel_rate: "0"
              cancel_rate_track: "none"
              contact_fixup: "disable"
              content_type_regex: "<your_own_value>"
              hnt_restrict_source_ip: "disable"
              hosted_nat_traversal: "disable"
              info_rate: "0"
              info_rate_track: "none"
              invite_rate: "0"
              invite_rate_track: "none"
              ips_rtp: "disable"
              log_call_summary: "disable"
              log_violations: "disable"
              malformed_header_allow: "discard"
              malformed_header_call_id: "discard"
              malformed_header_contact: "discard"
              malformed_header_content_length: "discard"
              malformed_header_content_type: "discard"
              malformed_header_cseq: "discard"
              malformed_header_expires: "discard"
              malformed_header_from: "discard"
              malformed_header_max_forwards: "discard"
              malformed_header_no_proxy_require: "discard"
              malformed_header_no_require: "discard"
              malformed_header_p_asserted_identity: "discard"
              malformed_header_rack: "discard"
              malformed_header_record_route: "discard"
              malformed_header_route: "discard"
              malformed_header_rseq: "discard"
              malformed_header_sdp_a: "discard"
              malformed_header_sdp_b: "discard"
              malformed_header_sdp_c: "discard"
              malformed_header_sdp_i: "discard"
              malformed_header_sdp_k: "discard"
              malformed_header_sdp_m: "discard"
              malformed_header_sdp_o: "discard"
              malformed_header_sdp_r: "discard"
              malformed_header_sdp_s: "discard"
              malformed_header_sdp_t: "discard"
              malformed_header_sdp_v: "discard"
              malformed_header_sdp_z: "discard"
              malformed_header_to: "discard"
              malformed_header_via: "discard"
              malformed_request_line: "discard"
              max_body_length: "0"
              max_dialogs: "0"
              max_idle_dialogs: "0"
              max_line_length: "998"
              message_rate: "0"
              message_rate_track: "none"
              nat_port_range: "<your_own_value>"
              nat_trace: "disable"
              no_sdp_fixup: "disable"
              notify_rate: "0"
              notify_rate_track: "none"
              open_contact_pinhole: "disable"
              open_record_route_pinhole: "disable"
              open_register_pinhole: "disable"
              open_via_pinhole: "disable"
              options_rate: "0"
              options_rate_track: "none"
              prack_rate: "0"
              prack_rate_track: "none"
              preserve_override: "disable"
              provisional_invite_expiry_time: "210"
              publish_rate: "0"
              publish_rate_track: "none"
              refer_rate: "0"
              refer_rate_track: "none"
              register_contact_trace: "disable"
              register_rate: "0"
              register_rate_track: "none"
              rfc2543_branch: "disable"
              rtp: "disable"
              ssl_algorithm: "high"
              ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
              ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
              ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
              ssl_client_renegotiation: "allow"
              ssl_max_version: "ssl-3.0"
              ssl_min_version: "ssl-3.0"
              ssl_mode: "off"
              ssl_pfs: "require"
              ssl_send_empty_frags: "enable"
              ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
              status: "disable"
              strict_register: "disable"
              subscribe_rate: "0"
              subscribe_rate_track: "none"
              unknown_header: "discard"
              update_rate: "0"
              update_rate_track: "none"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • build - Build number of the fortigate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.