fortinet.fortimanager.fmgr_firewall_gtp module – Configure GTP.
Note
This module is part of the fortinet.fortimanager collection (version 2.1.5).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_gtp
.
New in version 2.10: of fortinet.fortimanager
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
the parameter (adom) in requested url |
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices:
|
|
Enable/Disable logging for task Choices:
|
|
the top level parameters set |
|
overbilling notify address |
|
Apn. |
|
Action. Choices:
|
|
APN member. |
|
ID. |
|
APN selection mode. Choices:
|
|
apn filter Choices:
|
|
Authorized GGSN group |
|
Authorized GGSN/PGW IPv6 group. |
|
Authorized SGSN group |
|
Authorized SGSN/SGW IPv6 group. |
|
Comment. |
|
Overbilling context. |
|
control plane message rate limit |
|
default apn action Choices:
|
|
default imsi action Choices:
|
|
default action for encapsulated IP traffic Choices:
|
|
default action for encapsulated non-IP traffic Choices:
|
|
default advanced policy action Choices:
|
|
log denied Choices:
|
|
echo request interval (in seconds) |
|
log in extension format Choices:
|
|
log forwarded Choices:
|
|
Global tunnel limit. |
|
gtp in gtp Choices:
|
|
Enable/disable logging of denied GTP-U packets. Choices:
|
|
Enable/disable logging of forwarded GTP-U packets. Choices:
|
|
Logging of frequency of GTP-U packets. |
|
Half-close tunnel timeout (in seconds). |
|
Half-open tunnel timeout (in seconds). |
|
Handover SGSN group |
|
Handover SGSN/SGW IPv6 group. |
|
IE allow list. |
|
IE allow list. |
|
Ie-Remove-Policy. |
|
ID. |
|
GTP IEs to be removed. Choices:
|
|
SGSN address name. |
|
SGSN IPv6 address name. |
|
IE removal policy. Choices:
|
|
no description |
|
Validate APN restriction. Choices:
|
|
Validate charging gateway address. Choices:
|
|
Validate charging ID. Choices:
|
|
Validate end user address. Choices:
|
|
Validate GSN address. Choices:
|
|
Validate IMEI(SV). Choices:
|
|
Validate IMSI. Choices:
|
|
Validate MM context. Choices:
|
|
Validate MS time zone. Choices:
|
|
Validate MS validated. Choices:
|
|
Validate MSISDN. Choices:
|
|
Validate NSAPI. Choices:
|
|
Validate PDP context. Choices:
|
|
Validate Quality of Service(QoS) profile. Choices:
|
|
Validate RAI. Choices:
|
|
Validate RAT type. Choices:
|
|
Validate re-ordering required. Choices:
|
|
Validate selection mode. Choices:
|
|
Validate user location information. Choices:
|
|
IE white list. |
|
IE white list. |
|
Imsi. |
|
Action. Choices:
|
|
APN member. |
|
ID. |
|
MCC MNC. |
|
MSISDN prefix. |
|
APN selection mode. Choices:
|
|
imsi filter Choices:
|
|
overbilling interface |
|
Invalid reserved field in GTP header Choices:
|
|
Invalid SGSN group to be logged |
|
Invalid SGSN IPv6 group to be logged. |
|
IP filter for encapsulted traffic Choices:
|
|
Ip-Policy. |
|
Action. Choices:
|
|
Destination address name. |
|
Destination IPv6 address name. |
|
ID. |
|
Source address name. |
|
Source IPv6 address name. |
|
Logging of frequency of GTP-C packets. |
|
the user data log limit (0-512 bytes) |
|
IMSI prefix for selective logging. |
|
the msisdn prefix for selective logging |
|
max message length |
|
Message filter. |
|
Message filter. |
|
no description |
|
Rate limit for create AA PDP context request (packets per second). |
|
Rate limit for create AA PDP context response (packets per second). |
|
Rate limit for create MBMS context request (packets per second). |
|
Rate limit for create MBMS context response (packets per second). |
|
Rate limit for create PDP context request (packets per second). |
|
Rate limit for create PDP context response (packets per second). |
|
Rate limit for delete AA PDP context request (packets per second). |
|
Rate limit for delete AA PDP context response (packets per second). |
|
Rate limit for delete MBMS context request (packets per second). |
|
Rate limit for delete MBMS context response (packets per second). |
|
Rate limit for delete PDP context request (packets per second). |
|
Rate limit for delete PDP context response (packets per second). |
|
Rate limit for echo response (packets per second). |
|
Rate limit for echo requests (packets per second). |
|
Rate limit for error indication (packets per second). |
|
Rate limit for failure report request (packets per second). |
|
Rate limit for failure report response (packets per second). |
|
Rate limit for forward relocation complete acknowledge (packets per second). |
|
Rate limit for forward relocation complete (packets per second). |
|
Rate limit for forward relocation request (packets per second). |
|
Rate limit for forward relocation response (packets per second). |
|
Rate limit for forward SRNS context (packets per second). |
|
Rate limit for forward SRNS context acknowledge (packets per second). |
|
Rate limit for G-PDU (packets per second). |
|
Rate limit for identification request (packets per second). |
|
Rate limit for identification response (packets per second). |
|
Rate limit for MBMS de-registration request (packets per second). |
|
Rate limit for MBMS de-registration response (packets per second). |
|
Rate limit for MBMS notification reject request (packets per second). |
|
Rate limit for MBMS notification reject response (packets per second). |
|
Rate limit for MBMS notification request (packets per second). |
|
Rate limit for MBMS notification response (packets per second). |
|
Rate limit for MBMS registration request (packets per second). |
|
Rate limit for MBMS registration response (packets per second). |
|
Rate limit for MBMS session start request (packets per second). |
|
Rate limit for MBMS session start response (packets per second). |
|
Rate limit for MBMS session stop request (packets per second). |
|
Rate limit for MBMS session stop response (packets per second). |
|
Rate limit for note MS GPRS present request (packets per second). |
|
Rate limit for note MS GPRS present response (packets per second). |
|
Rate limit for PDU notify reject request (packets per second). |
|
Rate limit for PDU notify reject response (packets per second). |
|
Rate limit for PDU notify request (packets per second). |
|
Rate limit for PDU notify response (packets per second). |
|
Rate limit for RAN information relay (packets per second). |
|
Rate limit for relocation cancel request (packets per second). |
|
Rate limit for relocation cancel response (packets per second). |
|
Rate limit for send routing information for GPRS request (packets per second). |
|
Rate limit for send routing information for GPRS response (packets per second). |
|
Rate limit for SGSN context acknowledgement (packets per second). |
|
Rate limit for SGSN context request (packets per second). |
|
Rate limit for SGSN context response (packets per second). |
|
Rate limit for support extension headers notification (packets per second). |
|
Rate limit for update MBMS context request (packets per second). |
|
Rate limit for update MBMS context response (packets per second). |
|
Rate limit for update PDP context request (packets per second). |
|
Rate limit for update PDP context response (packets per second). |
|
Rate limit for version not supported (packets per second). |
|
no description |
|
Rate limit (packets/s) for create PDP context request. |
|
Rate limit (packets/s) for delete PDP context request. |
|
Rate limit (packets/s) for echo request. |
|
no description |
|
Rate limit (packets/s) for create PDP context request. |
|
Rate limit (packets/s) for delete PDP context request. |
|
Rate limit (packets/s) for echo request. |
|
no description |
|
Rate limit (packets/s) for create session request. |
|
Rate limit (packets/s) for delete session request. |
|
Rate limit (packets/s) for echo request. |
|
min message length |
|
Missing mandatory information element Choices:
|
|
GTP monitor mode Choices:
|
|
Profile name. |
|
non-IP filter for encapsulted traffic Choices:
|
|
Noip-Policy. |
|
Action. Choices:
|
|
End of protocol range (0 - 255). |
|
ID. |
|
Start of protocol range (0 - 255). |
|
Protocol field type. Choices:
|
|
Out of state information element. Choices:
|
|
Out of state GTP message Choices:
|
|
Per-Apn-Shaper. |
|
APN name. |
|
ID. |
|
Rate limit (packets/s) for create PDP context request. |
|
GTP version number: 0 or 1. |
|
Policy. |
|
Action. Choices:
|
|
APN selection mode. Choices:
|
|
APN member. |
|
ID. |
|
IMEI(SV) pattern. |
|
IMSI prefix. |
|
IMSI prefix. |
|
Maximum APN restriction value. Choices:
|
|
GTP messages. Choices:
|
|
MSISDN prefix. |
|
MSISDN prefix. |
|
RAI pattern. |
|
RAT Type. Choices:
|
|
ULI pattern. |
|
Advanced policy filter Choices:
|
|
Policy-V2. |
|
Action. Choices:
|
|
APN selection mode. Choices:
|
|
APN member. |
|
ID. |
|
IMSI prefix. |
|
Maximum APN restriction value. Choices:
|
|
MEI pattern. |
|
GTP messages. Choices:
|
|
MSISDN prefix. |
|
RAT Type. Choices:
|
|
GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI). |
|
overbilling notify port |
|
GTP rate limit mode. Choices:
|
|
log rate limited Choices:
|
|
rate sampling interval (1-3600 seconds) |
|
remove if echo response expires Choices:
|
|
remove upon different Recovery IE Choices:
|
|
reserved information element Choices:
|
|
send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. Choices:
|
|
send DELETE request to path endpoints when GTPv2 tunnel timeout. Choices:
|
|
Spoofed source address for Mobile Station. Choices:
|
|
log state invalid Choices:
|
|
Sub-second interval (0.1, 0.25, or 0.5 sec, default = 0.5). Choices:
|
|
Enable/disable sub-second sampling. Choices:
|
|
log tunnel traffic counter Choices:
|
|
tunnel limit |
|
tunnel limit Choices:
|
|
Established tunnel timeout (in seconds). |
|
action for unknown gtp version Choices:
|
|
user plane message rate limit |
|
Warning threshold for rate limiting (0 - 99 percent). |
|
The overridden method for the underlying Json RPC request Choices:
|
|
the rc codes list with which the conditions to fail will be overriden |
|
the rc codes list with which the conditions to succeed will be overriden |
|
the directive to create, update or delete an object Choices:
|
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root |
|
the maximum time in seconds to wait for other user to release the workspace lock Default: 300 |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure GTP.
fmgr_firewall_gtp:
bypass_validation: False
adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom
state: present
firewall_gtp:
monitor-mode: disable #<value in [disable, enable, vdom]>
name: 'ansible-test'
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the GTPs
fmgr_fact:
facts:
selector: 'firewall_gtp'
params:
adom: 'FortiCarrier' # This is FOC-only object, need a FortiCarrier adom
gtp: ''
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The full url requested Returned: always Sample: “/sys/login/user” |
|
The status of api request Returned: always Sample: 0 |
|
The descriptive message of the api response Returned: always Sample: “OK.” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)