fortinet.fortimanager.fmgr_firewall_gtp module – Configure GTP.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_gtp.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
The top level parameters set. |
|
Deprecated, please rename it to addr_notify. Overbilling notify address |
|
Apn. |
|
Action. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
Deprecated, please rename it to selection_mode. APN selection mode. Choices:
|
|
Deprecated, please rename it to apn_filter. Apn filter Choices:
|
|
Deprecated, please rename it to authorized_ggsns. Authorized GGSN group |
|
Deprecated, please rename it to authorized_ggsns6. Authorized GGSN/PGW IPv6 group. |
|
Deprecated, please rename it to authorized_sgsns. Authorized SGSN group |
|
Deprecated, please rename it to authorized_sgsns6. Authorized SGSN/SGW IPv6 group. |
|
Comment. |
|
Deprecated, please rename it to context_id. Overbilling context. |
|
Deprecated, please rename it to control_plane_message_rate_limit. Control plane message rate limit |
|
Deprecated, please rename it to default_apn_action. Default apn action Choices:
|
|
Deprecated, please rename it to default_imsi_action. Default imsi action Choices:
|
|
Deprecated, please rename it to default_ip_action. Default action for encapsulated IP traffic Choices:
|
|
Deprecated, please rename it to default_noip_action. Default action for encapsulated non-IP traffic Choices:
|
|
Deprecated, please rename it to default_policy_action. Default advanced policy action Choices:
|
|
Deprecated, please rename it to denied_log. Log denied Choices:
|
|
Deprecated, please rename it to echo_request_interval. Echo request interval |
|
Deprecated, please rename it to extension_log. Log in extension format Choices:
|
|
Deprecated, please rename it to forwarded_log. Log forwarded Choices:
|
|
Deprecated, please rename it to global_tunnel_limit. Global tunnel limit. |
|
Deprecated, please rename it to gtp_in_gtp. Gtp in gtp Choices:
|
|
Deprecated, please rename it to gtpu_denied_log. Enable/disable logging of denied GTP-U packets. Choices:
|
|
Deprecated, please rename it to gtpu_forwarded_log. Enable/disable logging of forwarded GTP-U packets. Choices:
|
|
Deprecated, please rename it to gtpu_log_freq. Logging of frequency of GTP-U packets. |
|
GTPv0 traffic. Choices:
|
|
Deprecated, please rename it to half_close_timeout. Half-close tunnel timeout |
|
Deprecated, please rename it to half_open_timeout. Half-open tunnel timeout |
|
Deprecated, please rename it to handover_group. Handover SGSN group |
|
Deprecated, please rename it to handover_group6. Handover SGSN/SGW IPv6 group. |
|
Deprecated, please rename it to ie_allow_list_v0v1. IE allow list. |
|
Deprecated, please rename it to ie_allow_list_v2. IE allow list. |
|
Deprecated, please rename it to ie_remove_policy. Ie remove policy. |
|
ID. |
|
Deprecated, please rename it to remove_ies. GTP IEs to be removed. Choices:
|
|
Deprecated, please rename it to sgsn_addr. SGSN address name. |
|
Deprecated, please rename it to sgsn_addr6. SGSN IPv6 address name. |
|
Deprecated, please rename it to ie_remover. IE removal policy. Choices:
|
|
Deprecated, please rename it to ie_validation. Ie validation. |
|
Deprecated, please rename it to apn_restriction. Validate APN restriction. Choices:
|
|
Deprecated, please rename it to charging_gateway_addr. Validate charging gateway address. Choices:
|
|
Deprecated, please rename it to charging_ID. Validate charging ID. Choices:
|
|
Deprecated, please rename it to end_user_addr. Validate end user address. Choices:
|
|
Deprecated, please rename it to gsn_addr. Validate GSN address. Choices:
|
|
Validate IMEI Choices:
|
|
Validate IMSI. Choices:
|
|
Deprecated, please rename it to mm_context. Validate MM context. Choices:
|
|
Deprecated, please rename it to ms_tzone. Validate MS time zone. Choices:
|
|
Deprecated, please rename it to ms_validated. Validate MS validated. Choices:
|
|
Validate MSISDN. Choices:
|
|
Validate NSAPI. Choices:
|
|
Deprecated, please rename it to pdp_context. Validate PDP context. Choices:
|
|
Deprecated, please rename it to qos_profile. Validate Quality of Service Choices:
|
|
Validate RAI. Choices:
|
|
Deprecated, please rename it to rat_type. Validate RAT type. Choices:
|
|
Deprecated, please rename it to reordering_required. Validate re-ordering required. Choices:
|
|
Deprecated, please rename it to selection_mode. Validate selection mode. Choices:
|
|
Validate user location information. Choices:
|
|
Deprecated, please rename it to ie_white_list_v0v1. IE white list. |
|
Deprecated, please rename it to ie_white_list_v2. IE white list. |
|
Imsi. |
|
Action. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
Deprecated, please rename it to mcc_mnc. MCC MNC. |
|
Deprecated, please rename it to msisdn_prefix. MSISDN prefix. |
|
Deprecated, please rename it to selection_mode. APN selection mode. Choices:
|
|
Deprecated, please rename it to imsi_filter. Imsi filter Choices:
|
|
Deprecated, please rename it to interface_notify. Overbilling interface |
|
Deprecated, please rename it to invalid_reserved_field. Invalid reserved field in GTP header Choices:
|
|
Deprecated, please rename it to invalid_sgsns_to_log. Invalid SGSN group to be logged |
|
Deprecated, please rename it to invalid_sgsns6_to_log. Invalid SGSN IPv6 group to be logged. |
|
Deprecated, please rename it to ip_filter. IP filter for encapsulted traffic Choices:
|
|
Deprecated, please rename it to ip_policy. Ip policy. |
|
Action. Choices:
|
|
Destination address name. |
|
Destination IPv6 address name. |
|
ID. |
|
Source address name. |
|
Source IPv6 address name. |
|
Deprecated, please rename it to log_freq. Logging of frequency of GTP-C packets. |
|
Deprecated, please rename it to log_gtpu_limit. The user data log limit |
|
Deprecated, please rename it to log_imsi_prefix. IMSI prefix for selective logging. |
|
Deprecated, please rename it to log_msisdn_prefix. The msisdn prefix for selective logging |
|
Deprecated, please rename it to max_message_length. Max message length |
|
Deprecated, please rename it to message_filter. Message filter. |
|
Deprecated, please rename it to create_aa_pdp. Create AA PDP. Choices:
|
|
Deprecated, please rename it to create_mbms. Create MBMS. Choices:
|
|
Deprecated, please rename it to create_pdp. Create PDP. Choices:
|
|
Deprecated, please rename it to data_record. Data record. Choices:
|
|
Deprecated, please rename it to delete_aa_pdp. Delete AA PDP. Choices:
|
|
Deprecated, please rename it to delete_mbms. Delete MBMS. Choices:
|
|
Deprecated, please rename it to delete_pdp. Delete PDP. Choices:
|
|
Echo. Choices:
|
|
Deprecated, please rename it to error_indication. Error indication. Choices:
|
|
Deprecated, please rename it to failure_report. Failure report. Choices:
|
|
Deprecated, please rename it to fwd_relocation. Forward relocation. Choices:
|
|
Deprecated, please rename it to fwd_srns_context. Forward SRNS context. Choices:
|
|
Deprecated, please rename it to gtp_pdu. GTP PDU. Choices:
|
|
Identification. Choices:
|
|
Deprecated, please rename it to mbms_notification. MBMS notification. Choices:
|
|
Deprecated, please rename it to node_alive. Node alive. Choices:
|
|
Deprecated, please rename it to note_ms_present. Note MS present. Choices:
|
|
Deprecated, please rename it to pdu_notification. PDU notification. Choices:
|
|
Deprecated, please rename it to ran_info. Ran info. Choices:
|
|
Redirection. Choices:
|
|
Deprecated, please rename it to relocation_cancel. Relocation cancel. Choices:
|
|
Deprecated, please rename it to send_route. Send route. Choices:
|
|
Deprecated, please rename it to sgsn_context. SGSN context. Choices:
|
|
Deprecated, please rename it to support_extension. Support extension. Choices:
|
|
Deprecated, please rename it to unknown_message_action. Unknown message action. Choices:
|
|
Deprecated, please rename it to update_mbms. Update MBMS. Choices:
|
|
Deprecated, please rename it to update_pdp. Update PDP. Choices:
|
|
Deprecated, please rename it to version_not_support. Version not supported. Choices:
|
|
Deprecated, please rename it to message_filter_v0v1. Message filter. |
|
Deprecated, please rename it to message_filter_v2. Message filter. |
|
Deprecated, please rename it to message_rate_limit. Message rate limit. |
|
Deprecated, please rename it to create_aa_pdp_request. Rate limit for create AA PDP context request |
|
Deprecated, please rename it to create_aa_pdp_response. Rate limit for create AA PDP context response |
|
Deprecated, please rename it to create_mbms_request. Rate limit for create MBMS context request |
|
Deprecated, please rename it to create_mbms_response. Rate limit for create MBMS context response |
|
Deprecated, please rename it to create_pdp_request. Rate limit for create PDP context request |
|
Deprecated, please rename it to create_pdp_response. Rate limit for create PDP context response |
|
Deprecated, please rename it to delete_aa_pdp_request. Rate limit for delete AA PDP context request |
|
Deprecated, please rename it to delete_aa_pdp_response. Rate limit for delete AA PDP context response |
|
Deprecated, please rename it to delete_mbms_request. Rate limit for delete MBMS context request |
|
Deprecated, please rename it to delete_mbms_response. Rate limit for delete MBMS context response |
|
Deprecated, please rename it to delete_pdp_request. Rate limit for delete PDP context request |
|
Deprecated, please rename it to delete_pdp_response. Rate limit for delete PDP context response |
|
Deprecated, please rename it to echo_reponse. Rate limit for echo response |
|
Deprecated, please rename it to echo_request. Rate limit for echo requests |
|
Deprecated, please rename it to echo_response. Rate limit for echo response |
|
Deprecated, please rename it to error_indication. Rate limit for error indication |
|
Deprecated, please rename it to failure_report_request. Rate limit for failure report request |
|
Deprecated, please rename it to failure_report_response. Rate limit for failure report response |
|
Deprecated, please rename it to fwd_reloc_complete_ack. Rate limit for forward relocation complete acknowledge |
|
Deprecated, please rename it to fwd_relocation_complete. Rate limit for forward relocation complete |
|
Deprecated, please rename it to fwd_relocation_request. Rate limit for forward relocation request |
|
Deprecated, please rename it to fwd_relocation_response. Rate limit for forward relocation response |
|
Deprecated, please rename it to fwd_srns_context. Rate limit for forward SRNS context |
|
Deprecated, please rename it to fwd_srns_context_ack. Rate limit for forward SRNS context acknowledge |
|
Deprecated, please rename it to g_pdu. Rate limit for G-PDU |
|
Deprecated, please rename it to identification_request. Rate limit for identification request |
|
Deprecated, please rename it to identification_response. Rate limit for identification response |
|
Deprecated, please rename it to mbms_de_reg_request. Rate limit for MBMS de-registration request |
|
Deprecated, please rename it to mbms_de_reg_response. Rate limit for MBMS de-registration response |
|
Deprecated, please rename it to mbms_notify_rej_request. Rate limit for MBMS notification reject request |
|
Deprecated, please rename it to mbms_notify_rej_response. Rate limit for MBMS notification reject response |
|
Deprecated, please rename it to mbms_notify_request. Rate limit for MBMS notification request |
|
Deprecated, please rename it to mbms_notify_response. Rate limit for MBMS notification response |
|
Deprecated, please rename it to mbms_reg_request. Rate limit for MBMS registration request |
|
Deprecated, please rename it to mbms_reg_response. Rate limit for MBMS registration response |
|
Deprecated, please rename it to mbms_ses_start_request. Rate limit for MBMS session start request |
|
Deprecated, please rename it to mbms_ses_start_response. Rate limit for MBMS session start response |
|
Deprecated, please rename it to mbms_ses_stop_request. Rate limit for MBMS session stop request |
|
Deprecated, please rename it to mbms_ses_stop_response. Rate limit for MBMS session stop response |
|
Deprecated, please rename it to note_ms_request. Rate limit for note MS GPRS present request |
|
Deprecated, please rename it to note_ms_response. Rate limit for note MS GPRS present response |
|
Deprecated, please rename it to pdu_notify_rej_request. Rate limit for PDU notify reject request |
|
Deprecated, please rename it to pdu_notify_rej_response. Rate limit for PDU notify reject response |
|
Deprecated, please rename it to pdu_notify_request. Rate limit for PDU notify request |
|
Deprecated, please rename it to pdu_notify_response. Rate limit for PDU notify response |
|
Deprecated, please rename it to ran_info. Rate limit for RAN information relay |
|
Deprecated, please rename it to relocation_cancel_request. Rate limit for relocation cancel request |
|
Deprecated, please rename it to relocation_cancel_response. Rate limit for relocation cancel response |
|
Deprecated, please rename it to send_route_request. Rate limit for send routing information for GPRS request |
|
Deprecated, please rename it to send_route_response. Rate limit for send routing information for GPRS response |
|
Deprecated, please rename it to sgsn_context_ack. Rate limit for SGSN context acknowledgement |
|
Deprecated, please rename it to sgsn_context_request. Rate limit for SGSN context request |
|
Deprecated, please rename it to sgsn_context_response. Rate limit for SGSN context response |
|
Deprecated, please rename it to support_ext_hdr_notify. Rate limit for support extension headers notification |
|
Deprecated, please rename it to update_mbms_request. Rate limit for update MBMS context request |
|
Deprecated, please rename it to update_mbms_response. Rate limit for update MBMS context response |
|
Deprecated, please rename it to update_pdp_request. Rate limit for update PDP context request |
|
Deprecated, please rename it to update_pdp_response. Rate limit for update PDP context response |
|
Deprecated, please rename it to version_not_support. Rate limit for version not supported |
|
Deprecated, please rename it to message_rate_limit_v0. Message rate limit v0. |
|
Deprecated, please rename it to create_pdp_request. Rate limit |
|
Deprecated, please rename it to delete_pdp_request. Rate limit |
|
Deprecated, please rename it to echo_request. Rate limit |
|
Deprecated, please rename it to message_rate_limit_v1. Message rate limit v1. |
|
Deprecated, please rename it to create_pdp_request. Rate limit |
|
Deprecated, please rename it to delete_pdp_request. Rate limit |
|
Deprecated, please rename it to echo_request. Rate limit |
|
Deprecated, please rename it to message_rate_limit_v2. Message rate limit v2. |
|
Deprecated, please rename it to create_session_request. Rate limit |
|
Deprecated, please rename it to delete_session_request. Rate limit |
|
Deprecated, please rename it to echo_request. Rate limit |
|
Deprecated, please rename it to min_message_length. Min message length |
|
Deprecated, please rename it to miss_must_ie. Missing mandatory information element Choices:
|
|
Deprecated, please rename it to monitor_mode. GTP monitor mode Choices:
|
|
Profile name. |
|
Deprecated, please rename it to noip_filter. Non-IP filter for encapsulted traffic Choices:
|
|
Deprecated, please rename it to noip_policy. Noip policy. |
|
Action. Choices:
|
|
End of protocol range |
|
ID. |
|
Start of protocol range |
|
Protocol field type. Choices:
|
|
Deprecated, please rename it to out_of_state_ie. Out of state information element. Choices:
|
|
Deprecated, please rename it to out_of_state_message. Out of state GTP message Choices:
|
|
Deprecated, please rename it to per_apn_shaper. Per apn shaper. |
|
APN name. |
|
ID. |
|
Deprecated, please rename it to rate_limit. Rate limit |
|
GTP version number |
|
Policy. |
|
Action. Choices:
|
|
APN subfix. |
|
Deprecated, please rename it to apn_sel_mode. APN selection mode. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
IMEI |
|
IMSI prefix. |
|
Deprecated, please rename it to imsi_prefix. IMSI prefix. |
|
Deprecated, please rename it to max_apn_restriction. Maximum APN restriction value. Choices:
|
|
GTP messages. Choices:
|
|
MSISDN prefix. |
|
Deprecated, please rename it to msisdn_prefix. MSISDN prefix. |
|
RAI pattern. |
|
Deprecated, please rename it to rat_type. RAT Type. Choices:
|
|
ULI pattern. |
|
Deprecated, please rename it to policy_filter. Advanced policy filter Choices:
|
|
Deprecated, please rename it to policy_v2. Policy v2. |
|
Action. Choices:
|
|
Deprecated, please rename it to apn_sel_mode. APN selection mode. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
Deprecated, please rename it to imsi_prefix. IMSI prefix. |
|
Deprecated, please rename it to max_apn_restriction. Maximum APN restriction value. Choices:
|
|
MEI pattern. |
|
GTP messages. Choices:
|
|
Deprecated, please rename it to msisdn_prefix. MSISDN prefix. |
|
Deprecated, please rename it to rat_type. RAT Type. Choices:
|
|
(list) GTPv2 ULI patterns |
|
Deprecated, please rename it to port_notify. Overbilling notify port |
|
Deprecated, please rename it to rat_timeout_profile. RAT timeout profile. |
|
Deprecated, please rename it to rate_limit_mode. GTP rate limit mode. Choices:
|
|
Deprecated, please rename it to rate_limited_log. Log rate limited Choices:
|
|
Deprecated, please rename it to rate_sampling_interval. Rate sampling interval |
|
Deprecated, please rename it to remove_if_echo_expires. Remove if echo response expires Choices:
|
|
Deprecated, please rename it to remove_if_recovery_differ. Remove upon different Recovery IE Choices:
|
|
Deprecated, please rename it to reserved_ie. Reserved information element Choices:
|
|
Deprecated, please rename it to send_delete_when_timeout. Send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. Choices:
|
|
Deprecated, please rename it to send_delete_when_timeout_v2. Send DELETE request to path endpoints when GTPv2 tunnel timeout. Choices:
|
|
Deprecated, please rename it to spoof_src_addr. Spoofed source address for Mobile Station. Choices:
|
|
Deprecated, please rename it to state_invalid_log. Log state invalid Choices:
|
|
Deprecated, please rename it to sub_second_interval. Sub-second interval Choices:
|
|
Deprecated, please rename it to sub_second_sampling. Enable/disable sub-second sampling. Choices:
|
|
Deprecated, please rename it to traffic_count_log. Log tunnel traffic counter Choices:
|
|
Deprecated, please rename it to tunnel_limit. Tunnel limit |
|
Deprecated, please rename it to tunnel_limit_log. Tunnel limit Choices:
|
|
Deprecated, please rename it to tunnel_timeout. Established tunnel timeout |
|
Deprecated, please rename it to unknown_version_action. Action for unknown gtp version Choices:
|
|
Deprecated, please rename it to user_plane_message_rate_limit. User plane message rate limit |
|
Deprecated, please rename it to warning_threshold. Warning threshold for rate limiting |
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure GTP.
fortinet.fortimanager.fmgr_firewall_gtp:
bypass_validation: false
adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom
state: present
firewall_gtp:
monitor-mode: disable # <value in [disable, enable, vdom]>
name: "ansible-test"
- name: Gathering fortimanager facts
hosts: fortimanagers
gather_facts: false
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Retrieve all the GTPs
fortinet.fortimanager.fmgr_fact:
facts:
selector: "firewall_gtp"
params:
adom: "FortiCarrier" # This is FOC-only object, need a FortiCarrier adom
gtp: "your_value"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |