You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.fortios.fmgr_secprof_voip – VOIP security profiles in FMG

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_secprof_voip.

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis 

Manage VOIP security profiles in FortiManager via API

Parameters 

Parameter	Comments
adom string	The ADOM the configuration should belong to. Default: “root”
comment string	Comment.
mode string	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values Choices: add ← (default) set delete update
name string	Profile name.
sccp string	EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
sccp_block_mcast string	Enable/disable block multicast RTP connections. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sccp_log_call_summary string	Enable/disable log summary of SCCP calls. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sccp_log_violations string	Enable/disable logging of SCCP violations. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sccp_max_calls string	Maximum calls per minute per SCCP client (max 65535).
sccp_status string	Enable/disable SCCP. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sccp_verify_header string	Enable/disable verify SCCP header content. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip string	EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
sip_ack_rate string	ACK request rate limit (per second, per policy).
sip_block_ack string	Enable/disable block ACK requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_bye string	Enable/disable block BYE requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_cancel string	Enable/disable block CANCEL requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_geo_red_options string	Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_info string	Enable/disable block INFO requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_invite string	Enable/disable block INVITE requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_long_lines string	Enable/disable block requests with headers exceeding max-line-length. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_message string	Enable/disable block MESSAGE requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_notify string	Enable/disable block NOTIFY requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_options string	Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_prack string	Enable/disable block prack requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_publish string	Enable/disable block PUBLISH requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_refer string	Enable/disable block REFER requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_register string	Enable/disable block REGISTER requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_subscribe string	Enable/disable block SUBSCRIBE requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_unknown string	Block unrecognized SIP requests (enabled by default). choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_block_update string	Enable/disable block UPDATE requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_bye_rate string	BYE request rate limit (per second, per policy).
sip_call_keepalive string	Continue tracking calls with no RTP for this many minutes.
sip_cancel_rate string	CANCEL request rate limit (per second, per policy).
sip_contact_fixup string	Fixup contact anyway even if contact’s IP\|port doesn’t match session’s IP\|port. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_hnt_restrict_source_ip string	Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_hosted_nat_traversal string	Hosted NAT Traversal (HNT). choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_info_rate string	INFO request rate limit (per second, per policy).
sip_invite_rate string	INVITE request rate limit (per second, per policy).
sip_ips_rtp string	Enable/disable allow IPS on RTP. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_log_call_summary string	Enable/disable logging of SIP call summary. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_log_violations string	Enable/disable logging of SIP violations. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_malformed_header_allow string	Action for malformed Allow header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_call_id string	Action for malformed Call-ID header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_contact string	Action for malformed Contact header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_content_length string	Action for malformed Content-Length header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_content_type string	Action for malformed Content-Type header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_cseq string	Action for malformed CSeq header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_expires string	Action for malformed Expires header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_from string	Action for malformed From header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_max_forwards string	Action for malformed Max-Forwards header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_p_asserted_identity string	Action for malformed P-Asserted-Identity header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_rack string	Action for malformed RAck header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_record_route string	Action for malformed Record-Route header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_route string	Action for malformed Route header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_rseq string	Action for malformed RSeq header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_a string	Action for malformed SDP a line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_b string	Action for malformed SDP b line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_c string	Action for malformed SDP c line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_i string	Action for malformed SDP i line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_k string	Action for malformed SDP k line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_m string	Action for malformed SDP m line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_o string	Action for malformed SDP o line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_r string	Action for malformed SDP r line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_s string	Action for malformed SDP s line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_t string	Action for malformed SDP t line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_v string	Action for malformed SDP v line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_sdp_z string	Action for malformed SDP z line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_to string	Action for malformed To header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_header_via string	Action for malformed VIA header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_malformed_request_line string	Action for malformed request line. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_max_body_length string	Maximum SIP message body length (0 meaning no limit).
sip_max_dialogs string	Maximum number of concurrent calls/dialogs (per policy).
sip_max_idle_dialogs string	Maximum number established but idle dialogs to retain (per policy).
sip_max_line_length string	Maximum SIP header line length (78-4096).
sip_message_rate string	MESSAGE request rate limit (per second, per policy).
sip_nat_trace string	Enable/disable preservation of original IP in SDP i line. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_no_sdp_fixup string	Enable/disable no SDP fix-up. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_notify_rate string	NOTIFY request rate limit (per second, per policy).
sip_open_contact_pinhole string	Enable/disable open pinhole for non-REGISTER Contact port. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_open_record_route_pinhole string	Enable/disable open pinhole for Record-Route port. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_open_register_pinhole string	Enable/disable open pinhole for REGISTER Contact port. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_open_via_pinhole string	Enable/disable open pinhole for Via port. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_options_rate string	OPTIONS request rate limit (per second, per policy).
sip_prack_rate string	PRACK request rate limit (per second, per policy).
sip_preserve_override string	Override i line to preserve original IPS (default\| append). choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_provisional_invite_expiry_time string	Expiry time for provisional INVITE (10 - 3600 sec).
sip_publish_rate string	PUBLISH request rate limit (per second, per policy).
sip_refer_rate string	REFER request rate limit (per second, per policy).
sip_register_contact_trace string	Enable/disable trace original IP/port within the contact header of REGISTER requests. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_register_rate string	REGISTER request rate limit (per second, per policy).
sip_rfc2543_branch string	Enable/disable support via branch compliant with RFC 2543. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_rtp string	Enable/disable create pinholes for RTP traffic to traverse firewall. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_ssl_algorithm string	Relative strength of encryption algorithms accepted in negotiation. choice \| high \| High encryption. Allow only AES and ChaCha. choice \| medium \| Medium encryption. Allow AES, ChaCha, 3DES, and RC4. choice \| low \| Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. Choices: high medium low
sip_ssl_auth_client string	Require a client certificate and authenticate it with the peer/peergrp.
sip_ssl_auth_server string	Authenticate the server’s certificate with the peer/peergrp.
sip_ssl_client_certificate string	Name of Certificate to offer to server if requested.
sip_ssl_client_renegotiation string	Allow/block client renegotiation by server. choice \| allow \| Allow a SSL client to renegotiate. choice \| deny \| Abort any SSL connection that attempts to renegotiate. choice \| secure \| Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication. Choices: allow deny secure
sip_ssl_max_version string	Highest SSL/TLS version to negotiate. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2. Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2
sip_ssl_min_version string	Lowest SSL/TLS version to negotiate. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2. Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2
sip_ssl_mode string	SSL/TLS mode for encryption & decryption of traffic. choice \| off \| No SSL. choice \| full \| Client to FortiGate and FortiGate to Server SSL. Choices: off full
sip_ssl_pfs string	SSL Perfect Forward Secrecy. choice \| require \| PFS mandatory. choice \| deny \| PFS rejected. choice \| allow \| PFS allowed. Choices: require deny allow
sip_ssl_send_empty_frags string	Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). choice \| disable \| Do not send empty fragments. choice \| enable \| Send empty fragments. Choices: disable enable
sip_ssl_server_certificate string	Name of Certificate return to the client in every SSL connection.
sip_status string	Enable/disable SIP. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_strict_register string	Enable/disable only allow the registrar to connect. choice \| disable \| Disable status. choice \| enable \| Enable status. Choices: disable enable
sip_subscribe_rate string	SUBSCRIBE request rate limit (per second, per policy).
sip_unknown_header string	Action for unknown SIP header. choice \| pass \| Bypass malformed messages. choice \| discard \| Discard malformed messages. choice \| respond \| Respond with error code. Choices: pass discard respond
sip_update_rate string	UPDATE request rate limit (per second, per policy).

Notes 

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples 

- name: DELETE Profile
  community.fortios.fmgr_secprof_voip:
    name: "Ansible_VOIP_Profile"
    mode: "delete"

- name: Create FMGR_VOIP_PROFILE
  community.fortios.fmgr_secprof_voip:
    mode: "set"
    adom: "root"
    name: "Ansible_VOIP_Profile"
    comment: "Created by Ansible"
    sccp: {block-mcast: "enable", log-call-summary: "enable", log-violations: "enable", status: "enable"}

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
api_result string	full API response, includes status code and message Returned: always

Authors

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

community.fortios.fmgr_secprof_voip – VOIP security profiles in FMG

Synopsis

Parameters

Notes

Examples

Return Values