fortinet.fortimanager.fmgr_firewall_gtp module – Configure GTP.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_gtp.

New in fortinet.fortimanager 2.0.0

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
adom string / required	The parameter (adom) in requested url.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: false ← (default) true
enable_log boolean	Enable/Disable logging for task. Choices: false ← (default) true
firewall_gtp dictionary	The top level parameters set.
addr_notify string	Overbilling notify address
apn list / elements=dictionary	Apn.
action string	Action. Choices: "allow" "deny"
apnmember any	(list or str) APN member.
id integer	ID.
selection_mode list / elements=string	APN selection mode. Choices: "ms" "net" "vrf"
apn_filter string	Apn filter Choices: "disable" "enable"
authorized_ggsns string	Authorized GGSN group
authorized_ggsns6 string	Authorized GGSN/PGW IPv6 group.
authorized_sgsns string	Authorized SGSN group
authorized_sgsns6 string	Authorized SGSN/SGW IPv6 group.
comment string	Comment.
context_id integer	Overbilling context.
control_plane_message_rate_limit integer	Control plane message rate limit
default_apn_action string	Default apn action Choices: "allow" "deny"
default_imsi_action string	Default imsi action Choices: "allow" "deny"
default_ip_action string	Default action for encapsulated IP traffic Choices: "allow" "deny"
default_noip_action string	Default action for encapsulated non-IP traffic Choices: "allow" "deny"
default_policy_action string	Default advanced policy action Choices: "allow" "deny"
denied_log string	Log denied Choices: "disable" "enable"
echo_request_interval integer	Echo request interval
extension_log string	Log in extension format Choices: "disable" "enable"
forwarded_log string	Log forwarded Choices: "disable" "enable"
global_tunnel_limit string	Global tunnel limit.
gtp_in_gtp string	Gtp in gtp Choices: "allow" "deny"
gtpu_denied_log string	Enable/disable logging of denied GTP-U packets. Choices: "disable" "enable"
gtpu_forwarded_log string	Enable/disable logging of forwarded GTP-U packets. Choices: "disable" "enable"
gtpu_log_freq integer	Logging of frequency of GTP-U packets.
gtpv0 string	GTPv0 traffic. Choices: "allow" "deny"
half_close_timeout integer	Half-close tunnel timeout
half_open_timeout integer	Half-open tunnel timeout
handover_group string	Handover SGSN group
handover_group6 string	Handover SGSN/SGW IPv6 group.
ie_allow_list_v0v1 string	IE allow list.
ie_allow_list_v2 string	IE allow list.
ie_remove_policy list / elements=dictionary	Ie remove policy.
id integer	ID.
remove_ies list / elements=string	GTP IEs to be removed. Choices: "apn-restriction" "rat-type" "rai" "uli" "imei"
sgsn_addr string	SGSN address name.
sgsn_addr6 string	SGSN IPv6 address name.
ie_remover string	IE removal policy. Choices: "disable" "enable"
ie_validation dictionary	Ie validation.
apn_restriction string	Validate APN restriction. Choices: "disable" "enable"
charging_gateway_addr string	Validate charging gateway address. Choices: "disable" "enable"
charging_ID string	Validate charging ID. Choices: "disable" "enable"
end_user_addr string	Validate end user address. Choices: "disable" "enable"
gsn_addr string	Validate GSN address. Choices: "disable" "enable"
imei string	Validate IMEI Choices: "disable" "enable"
imsi string	Validate IMSI. Choices: "disable" "enable"
mm_context string	Validate MM context. Choices: "disable" "enable"
ms_tzone string	Validate MS time zone. Choices: "disable" "enable"
ms_validated string	Validate MS validated. Choices: "disable" "enable"
msisdn string	Validate MSISDN. Choices: "disable" "enable"
nsapi string	Validate NSAPI. Choices: "disable" "enable"
pdp_context string	Validate PDP context. Choices: "disable" "enable"
qos_profile string	Validate Quality of Service Choices: "disable" "enable"
rai string	Validate RAI. Choices: "disable" "enable"
rat_type string	Validate RAT type. Choices: "disable" "enable"
reordering_required string	Validate re-ordering required. Choices: "disable" "enable"
selection_mode string	Validate selection mode. Choices: "disable" "enable"
uli string	Validate user location information. Choices: "disable" "enable"
ie_white_list_v0v1 string	IE white list.
ie_white_list_v2 string	IE white list.
imsi list / elements=dictionary	Imsi.
action string	Action. Choices: "allow" "deny"
apnmember any	(list or str) APN member.
id integer	ID.
mcc_mnc string	MCC MNC.
msisdn_prefix string	MSISDN prefix.
selection_mode list / elements=string	APN selection mode. Choices: "ms" "net" "vrf"
imsi_filter string	Imsi filter Choices: "disable" "enable"
interface_notify string	Overbilling interface
invalid_reserved_field string	Invalid reserved field in GTP header Choices: "allow" "deny"
invalid_sgsns6_to_log string	Invalid SGSN IPv6 group to be logged.
invalid_sgsns_to_log string	Invalid SGSN group to be logged
ip_filter string	IP filter for encapsulted traffic Choices: "disable" "enable"
ip_policy list / elements=dictionary	Ip policy.
action string	Action. Choices: "allow" "deny"
dstaddr string	Destination address name.
dstaddr6 string	Destination IPv6 address name.
id integer	ID.
srcaddr string	Source address name.
srcaddr6 string	Source IPv6 address name.
log_freq integer	Logging of frequency of GTP-C packets.
log_gtpu_limit integer	The user data log limit
log_imsi_prefix string	IMSI prefix for selective logging.
log_msisdn_prefix string	The msisdn prefix for selective logging
max_message_length integer	Max message length
message_filter dictionary	Message filter.
create_aa_pdp string	Create AA PDP. Choices: "allow" "deny"
create_mbms string	Create MBMS. Choices: "allow" "deny"
create_pdp string	Create PDP. Choices: "allow" "deny"
data_record string	Data record. Choices: "allow" "deny"
delete_aa_pdp string	Delete AA PDP. Choices: "allow" "deny"
delete_mbms string	Delete MBMS. Choices: "allow" "deny"
delete_pdp string	Delete PDP. Choices: "allow" "deny"
echo string	Echo. Choices: "allow" "deny"
error_indication string	Error indication. Choices: "allow" "deny"
failure_report string	Failure report. Choices: "allow" "deny"
fwd_relocation string	Forward relocation. Choices: "allow" "deny"
fwd_srns_context string	Forward SRNS context. Choices: "allow" "deny"
gtp_pdu string	GTP PDU. Choices: "allow" "deny"
identification string	Identification. Choices: "allow" "deny"
mbms_notification string	MBMS notification. Choices: "allow" "deny"
node_alive string	Node alive. Choices: "allow" "deny"
note_ms_present string	Note MS present. Choices: "allow" "deny"
pdu_notification string	PDU notification. Choices: "allow" "deny"
ran_info string	Ran info. Choices: "allow" "deny"
redirection string	Redirection. Choices: "allow" "deny"
relocation_cancel string	Relocation cancel. Choices: "allow" "deny"
send_route string	Send route. Choices: "allow" "deny"
sgsn_context string	SGSN context. Choices: "allow" "deny"
support_extension string	Support extension. Choices: "allow" "deny"
unknown_message_action string	Unknown message action. Choices: "allow" "deny"
update_mbms string	Update MBMS. Choices: "allow" "deny"
update_pdp string	Update PDP. Choices: "allow" "deny"
version_not_support string	Version not supported. Choices: "allow" "deny"
message_filter_v0v1 string	Message filter.
message_filter_v2 string	Message filter.
message_rate_limit dictionary	Message rate limit.
create_aa_pdp_request integer	Rate limit for create AA PDP context request
create_aa_pdp_response integer	Rate limit for create AA PDP context response
create_mbms_request integer	Rate limit for create MBMS context request
create_mbms_response integer	Rate limit for create MBMS context response
create_pdp_request integer	Rate limit for create PDP context request
create_pdp_response integer	Rate limit for create PDP context response
delete_aa_pdp_request integer	Rate limit for delete AA PDP context request
delete_aa_pdp_response integer	Rate limit for delete AA PDP context response
delete_mbms_request integer	Rate limit for delete MBMS context request
delete_mbms_response integer	Rate limit for delete MBMS context response
delete_pdp_request integer	Rate limit for delete PDP context request
delete_pdp_response integer	Rate limit for delete PDP context response
echo_reponse integer	Rate limit for echo response
echo_request integer	Rate limit for echo requests
echo_response integer	Rate limit for echo response
error_indication integer	Rate limit for error indication
failure_report_request integer	Rate limit for failure report request
failure_report_response integer	Rate limit for failure report response
fwd_reloc_complete_ack integer	Rate limit for forward relocation complete acknowledge
fwd_relocation_complete integer	Rate limit for forward relocation complete
fwd_relocation_request integer	Rate limit for forward relocation request
fwd_relocation_response integer	Rate limit for forward relocation response
fwd_srns_context integer	Rate limit for forward SRNS context
fwd_srns_context_ack integer	Rate limit for forward SRNS context acknowledge
g_pdu integer	Rate limit for G-PDU
identification_request integer	Rate limit for identification request
identification_response integer	Rate limit for identification response
mbms_de_reg_request integer	Rate limit for MBMS de-registration request
mbms_de_reg_response integer	Rate limit for MBMS de-registration response
mbms_notify_rej_request integer	Rate limit for MBMS notification reject request
mbms_notify_rej_response integer	Rate limit for MBMS notification reject response
mbms_notify_request integer	Rate limit for MBMS notification request
mbms_notify_response integer	Rate limit for MBMS notification response
mbms_reg_request integer	Rate limit for MBMS registration request
mbms_reg_response integer	Rate limit for MBMS registration response
mbms_ses_start_request integer	Rate limit for MBMS session start request
mbms_ses_start_response integer	Rate limit for MBMS session start response
mbms_ses_stop_request integer	Rate limit for MBMS session stop request
mbms_ses_stop_response integer	Rate limit for MBMS session stop response
note_ms_request integer	Rate limit for note MS GPRS present request
note_ms_response integer	Rate limit for note MS GPRS present response
pdu_notify_rej_request integer	Rate limit for PDU notify reject request
pdu_notify_rej_response integer	Rate limit for PDU notify reject response
pdu_notify_request integer	Rate limit for PDU notify request
pdu_notify_response integer	Rate limit for PDU notify response
ran_info integer	Rate limit for RAN information relay
relocation_cancel_request integer	Rate limit for relocation cancel request
relocation_cancel_response integer	Rate limit for relocation cancel response
send_route_request integer	Rate limit for send routing information for GPRS request
send_route_response integer	Rate limit for send routing information for GPRS response
sgsn_context_ack integer	Rate limit for SGSN context acknowledgement
sgsn_context_request integer	Rate limit for SGSN context request
sgsn_context_response integer	Rate limit for SGSN context response
support_ext_hdr_notify integer	Rate limit for support extension headers notification
update_mbms_request integer	Rate limit for update MBMS context request
update_mbms_response integer	Rate limit for update MBMS context response
update_pdp_request integer	Rate limit for update PDP context request
update_pdp_response integer	Rate limit for update PDP context response
version_not_support integer	Rate limit for version not supported
message_rate_limit_v0 dictionary	Message rate limit v0.
create_pdp_request integer	Rate limit
delete_pdp_request integer	Rate limit
echo_request integer	Rate limit
message_rate_limit_v1 dictionary	Message rate limit v1.
create_pdp_request integer	Rate limit
delete_pdp_request integer	Rate limit
echo_request integer	Rate limit
message_rate_limit_v2 dictionary	Message rate limit v2.
create_session_request integer	Rate limit
delete_session_request integer	Rate limit
echo_request integer	Rate limit
min_message_length integer	Min message length
miss_must_ie string	Missing mandatory information element Choices: "allow" "deny"
monitor_mode string	GTP monitor mode Choices: "disable" "enable" "vdom"
name string / required	Profile name.
noip_filter string	Non-IP filter for encapsulted traffic Choices: "disable" "enable"
noip_policy list / elements=dictionary	Noip policy.
action string	Action. Choices: "allow" "deny"
end integer	End of protocol range
id integer	ID.
start integer	Start of protocol range
type string	Protocol field type. Choices: "etsi" "ietf"
out_of_state_ie string	Out of state information element. Choices: "allow" "deny"
out_of_state_message string	Out of state GTP message Choices: "allow" "deny"
per_apn_shaper list / elements=dictionary	Per apn shaper.
apn string	APN name.
id integer	ID.
rate_limit integer	Rate limit
version integer	GTP version number
policy list / elements=dictionary	Policy.
action string	Action. Choices: "allow" "deny"
apn string	APN subfix.
apn_sel_mode list / elements=string	APN selection mode. Choices: "ms" "net" "vrf"
apnmember any	(list or str) APN member.
id integer	ID.
imei string	IMEI
imsi string	IMSI prefix.
imsi_prefix string	IMSI prefix.
max_apn_restriction string	Maximum APN restriction value. Choices: "all" "public-1" "public-2" "private-1" "private-2"
messages list / elements=string	GTP messages. Choices: "create-req" "create-res" "update-req" "update-res"
msisdn string	MSISDN prefix.
msisdn_prefix string	MSISDN prefix.
rai string	RAI pattern.
rat_type list / elements=string	RAT Type. Choices: "any" "utran" "geran" "wlan" "gan" "hspa" "eutran" "virtual" "nbiot"
uli string	ULI pattern.
policy_filter string	Advanced policy filter Choices: "disable" "enable"
policy_v2 list / elements=dictionary	Policy v2.
action string	Action. Choices: "deny" "allow"
apn_sel_mode list / elements=string	APN selection mode. Choices: "ms" "net" "vrf"
apnmember any	(list or str) APN member.
id integer	ID.
imsi_prefix string	IMSI prefix.
max_apn_restriction string	Maximum APN restriction value. Choices: "all" "public-1" "public-2" "private-1" "private-2"
mei string	MEI pattern.
messages list / elements=string	GTP messages. Choices: "create-ses-req" "create-ses-res" "modify-bearer-req" "modify-bearer-res"
msisdn_prefix string	MSISDN prefix.
rat_type list / elements=string	RAT Type. Choices: "any" "utran" "geran" "wlan" "gan" "hspa" "eutran" "virtual" "nbiot" "ltem" "nr"
uli any	(list) GTPv2 ULI patterns
port_notify integer	Overbilling notify port
rat_timeout_profile string	RAT timeout profile.
rate_limit_mode string	GTP rate limit mode. Choices: "per-profile" "per-stream" "per-apn"
rate_limited_log string	Log rate limited Choices: "disable" "enable"
rate_sampling_interval integer	Rate sampling interval
remove_if_echo_expires string	Remove if echo response expires Choices: "disable" "enable"
remove_if_recovery_differ string	Remove upon different Recovery IE Choices: "disable" "enable"
reserved_ie string	Reserved information element Choices: "allow" "deny"
send_delete_when_timeout string	Send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. Choices: "disable" "enable"
send_delete_when_timeout_v2 string	Send DELETE request to path endpoints when GTPv2 tunnel timeout. Choices: "disable" "enable"
spoof_src_addr string	Spoofed source address for Mobile Station. Choices: "allow" "deny"
state_invalid_log string	Log state invalid Choices: "disable" "enable"
sub_second_interval string	Sub-second interval Choices: "0.1" "0.25" "0.5"
sub_second_sampling string	Enable/disable sub-second sampling. Choices: "disable" "enable"
traffic_count_log string	Log tunnel traffic counter Choices: "disable" "enable"
tunnel_limit integer	Tunnel limit
tunnel_limit_log string	Tunnel limit Choices: "disable" "enable"
tunnel_timeout integer	Established tunnel timeout
unknown_version_action string	Action for unknown gtp version Choices: "allow" "deny"
user_plane_message_rate_limit integer	User plane message rate limit
warning_threshold integer	Warning threshold for rate limiting
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: "update" "set" "add"
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: "present" "absent"
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: 300

Notes

Note

• Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure GTP.
      fortinet.fortimanager.fmgr_firewall_gtp:
        bypass_validation: false
        adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom
        state: present
        firewall_gtp:
          monitor-mode: disable # <value in [disable, enable, vdom]>
          name: "ansible-test"

- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the GTPs
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "firewall_gtp"
          params:
            adom: "FortiCarrier" # This is FOC-only object, need a FortiCarrier adom
            gtp: "your_value"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: "/sys/login/user"
response_code integer	The status of api request. Returned: always Sample: 0
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: "OK."
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: 0
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

• Issue Tracker
• Homepage
• Repository (Sources)