fortinet.fortimanager.fmgr_voip_profile_sip module – SIP.
Note
This module is part of the fortinet.fortimanager collection (version 2.3.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
the parameter (adom) in requested url |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
the parameter (profile) in requested url |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
the top level parameters set |
|
ACK request rate limit |
|
Track the packet protocol field. Choices:
|
|
Enable/disable block ACK requests. Choices:
|
|
Enable/disable block BYE requests. Choices:
|
|
Enable/disable block CANCEL requests. Choices:
|
|
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. Choices:
|
|
Enable/disable block INFO requests. Choices:
|
|
Enable/disable block INVITE requests. Choices:
|
|
Enable/disable block requests with headers exceeding max-line-length. Choices:
|
|
Enable/disable block MESSAGE requests. Choices:
|
|
Enable/disable block NOTIFY requests. Choices:
|
|
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. Choices:
|
|
Enable/disable block prack requests. Choices:
|
|
Enable/disable block PUBLISH requests. Choices:
|
|
Enable/disable block REFER requests. Choices:
|
|
Enable/disable block REGISTER requests. Choices:
|
|
Enable/disable block SUBSCRIBE requests. Choices:
|
|
Block unrecognized SIP requests Choices:
|
|
Enable/disable block UPDATE requests. Choices:
|
|
BYE request rate limit |
|
Track the packet protocol field. Choices:
|
|
Validate PCRE regular expression for Call-Id header value. |
|
Continue tracking calls with no RTP for this many minutes. |
|
CANCEL request rate limit |
|
Track the packet protocol field. Choices:
|
|
Fixup contact anyway even if contacts IP Choices:
|
|
Validate PCRE regular expression for Content-Type header value. |
|
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. Choices:
|
|
Hosted NAT Traversal Choices:
|
|
INFO request rate limit |
|
Track the packet protocol field. Choices:
|
|
INVITE request rate limit |
|
Track the packet protocol field. Choices:
|
|
Enable/disable allow IPS on RTP. Choices:
|
|
Enable/disable logging of SIP call summary. Choices:
|
|
Enable/disable logging of SIP violations. Choices:
|
|
Action for malformed Allow header. Choices:
|
|
Action for malformed Call-ID header. Choices:
|
|
Action for malformed Contact header. Choices:
|
|
Action for malformed Content-Length header. Choices:
|
|
Action for malformed Content-Type header. Choices:
|
|
Action for malformed CSeq header. Choices:
|
|
Action for malformed Expires header. Choices:
|
|
Action for malformed From header. Choices:
|
|
Action for malformed Max-Forwards header. Choices:
|
|
Action for malformed SIP messages without Proxy-Require header. Choices:
|
|
Action for malformed SIP messages without Require header. Choices:
|
|
Action for malformed P-Asserted-Identity header. Choices:
|
|
Action for malformed RAck header. Choices:
|
|
Action for malformed Record-Route header. Choices:
|
|
Action for malformed Route header. Choices:
|
|
Action for malformed RSeq header. Choices:
|
|
Action for malformed SDP a line. Choices:
|
|
Action for malformed SDP b line. Choices:
|
|
Action for malformed SDP c line. Choices:
|
|
Action for malformed SDP i line. Choices:
|
|
Action for malformed SDP k line. Choices:
|
|
Action for malformed SDP m line. Choices:
|
|
Action for malformed SDP o line. Choices:
|
|
Action for malformed SDP r line. Choices:
|
|
Action for malformed SDP s line. Choices:
|
|
Action for malformed SDP t line. Choices:
|
|
Action for malformed SDP v line. Choices:
|
|
Action for malformed SDP z line. Choices:
|
|
Action for malformed To header. Choices:
|
|
Action for malformed VIA header. Choices:
|
|
Action for malformed request line. Choices:
|
|
Maximum SIP message body length |
|
Maximum number of concurrent calls/dialogs |
|
Maximum number established but idle dialogs to retain |
|
Maximum SIP header line length |
|
MESSAGE request rate limit |
|
Track the packet protocol field. Choices:
|
|
RTP NAT port range. |
|
Enable/disable preservation of original IP in SDP i line. Choices:
|
|
Enable/disable no SDP fix-up. Choices:
|
|
NOTIFY request rate limit |
|
Track the packet protocol field. Choices:
|
|
Enable/disable open pinhole for non-REGISTER Contact port. Choices:
|
|
Enable/disable open pinhole for Record-Route port. Choices:
|
|
Enable/disable open pinhole for REGISTER Contact port. Choices:
|
|
Enable/disable open pinhole for Via port. Choices:
|
|
OPTIONS request rate limit |
|
Track the packet protocol field. Choices:
|
|
PRACK request rate limit |
|
Track the packet protocol field. Choices:
|
|
Override i line to preserve original IPS Choices:
|
|
Expiry time for provisional INVITE |
|
PUBLISH request rate limit |
|
Track the packet protocol field. Choices:
|
|
REFER request rate limit |
|
Track the packet protocol field. Choices:
|
|
Enable/disable trace original IP/port within the contact header of REGISTER requests. Choices:
|
|
REGISTER request rate limit |
|
Track the packet protocol field. Choices:
|
|
Enable/disable support via branch compliant with RFC 2543. Choices:
|
|
Enable/disable create pinholes for RTP traffic to traverse firewall. Choices:
|
|
Relative strength of encryption algorithms accepted in negotiation. Choices:
|
|
Require a client certificate and authenticate it with the peer/peergrp. |
|
Authenticate the servers certificate with the peer/peergrp. |
|
Name of Certificate to offer to server if requested. |
|
Allow/block client renegotiation by server. Choices:
|
|
Highest SSL/TLS version to negotiate. Choices:
|
|
Lowest SSL/TLS version to negotiate. Choices:
|
|
SSL/TLS mode for encryption & decryption of traffic. Choices:
|
|
SSL Perfect Forward Secrecy. Choices:
|
|
Send empty fragments to avoid attack on CBC IV Choices:
|
|
Name of Certificate return to the client in every SSL connection. |
|
Enable/disable SIP. Choices:
|
|
Enable/disable only allow the registrar to connect. Choices:
|
|
SUBSCRIBE request rate limit |
|
Track the packet protocol field. Choices:
|
|
Action for unknown SIP header. Choices:
|
|
UPDATE request rate limit |
|
Track the packet protocol field. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: SIP.
fmgr_voip_profile_sip:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack-rate: <integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <integer>
call-keepalive: <integer>
cancel-rate: <integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <integer>
invite-rate: <integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <integer>
max-dialogs: <integer>
max-idle-dialogs: <integer>
max-line-length: <integer>
message-rate: <integer>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <integer>
prack-rate: <integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <integer>
publish-rate: <integer>
refer-rate: <integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <string>
ssl-auth-server: <string>
ssl-client-certificate: <string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <integer>
nat-port-range: <string>
ack-rate-track: <value in [none, src-ip, dest-ip]>
bye-rate-track: <value in [none, src-ip, dest-ip]>
cancel-rate-track: <value in [none, src-ip, dest-ip]>
info-rate-track: <value in [none, src-ip, dest-ip]>
invite-rate-track: <value in [none, src-ip, dest-ip]>
malformed-header-no-proxy-require: <value in [pass, discard, respond]>
malformed-header-no-require: <value in [pass, discard, respond]>
message-rate-track: <value in [none, src-ip, dest-ip]>
notify-rate-track: <value in [none, src-ip, dest-ip]>
options-rate-track: <value in [none, src-ip, dest-ip]>
prack-rate-track: <value in [none, src-ip, dest-ip]>
publish-rate-track: <value in [none, src-ip, dest-ip]>
refer-rate-track: <value in [none, src-ip, dest-ip]>
register-rate-track: <value in [none, src-ip, dest-ip]>
subscribe-rate-track: <value in [none, src-ip, dest-ip]>
update-rate-track: <value in [none, src-ip, dest-ip]>
call-id-regex: <string>
content-type-regex: <string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |