fortinet.fortimanager.fmgr_voip_profile_sip module – SIP.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The parameter (profile) in requested url. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The top level parameters set. |
|
Deprecated, please rename it to ack_rate. ACK request rate limit |
|
Deprecated, please rename it to ack_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to block_ack. Enable/disable block ACK requests. Choices:
|
|
Deprecated, please rename it to block_bye. Enable/disable block BYE requests. Choices:
|
|
Deprecated, please rename it to block_cancel. Enable/disable block CANCEL requests. Choices:
|
|
Deprecated, please rename it to block_geo_red_options. Enable/disable block OPTIONS requests, but OPTIONS requests still n… Choices:
|
|
Deprecated, please rename it to block_info. Enable/disable block INFO requests. Choices:
|
|
Deprecated, please rename it to block_invite. Enable/disable block INVITE requests. Choices:
|
|
Deprecated, please rename it to block_long_lines. Enable/disable block requests with headers exceeding max-line-length. Choices:
|
|
Deprecated, please rename it to block_message. Enable/disable block MESSAGE requests. Choices:
|
|
Deprecated, please rename it to block_notify. Enable/disable block NOTIFY requests. Choices:
|
|
Deprecated, please rename it to block_options. Enable/disable block OPTIONS requests and no OPTIONS as notifying message f… Choices:
|
|
Deprecated, please rename it to block_prack. Enable/disable block prack requests. Choices:
|
|
Deprecated, please rename it to block_publish. Enable/disable block PUBLISH requests. Choices:
|
|
Deprecated, please rename it to block_refer. Enable/disable block REFER requests. Choices:
|
|
Deprecated, please rename it to block_register. Enable/disable block REGISTER requests. Choices:
|
|
Deprecated, please rename it to block_subscribe. Enable/disable block SUBSCRIBE requests. Choices:
|
|
Deprecated, please rename it to block_unknown. Block unrecognized SIP requests Choices:
|
|
Deprecated, please rename it to block_update. Enable/disable block UPDATE requests. Choices:
|
|
Deprecated, please rename it to bye_rate. BYE request rate limit |
|
Deprecated, please rename it to bye_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to call_id_regex. Validate PCRE regular expression for Call-Id header value. |
|
Deprecated, please rename it to call_keepalive. Continue tracking calls with no RTP for this many minutes. |
|
Deprecated, please rename it to cancel_rate. CANCEL request rate limit |
|
Deprecated, please rename it to cancel_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to contact_fixup. Fixup contact anyway even if contacts IP Choices:
|
|
Deprecated, please rename it to content_type_regex. Validate PCRE regular expression for Content-Type header value. |
|
Deprecated, please rename it to hnt_restrict_source_ip. Enable/disable restrict RTP source IP to be the same as SIP source… Choices:
|
|
Deprecated, please rename it to hosted_nat_traversal. Hosted NAT Traversal Choices:
|
|
Deprecated, please rename it to info_rate. INFO request rate limit |
|
Deprecated, please rename it to info_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to invite_rate. INVITE request rate limit |
|
Deprecated, please rename it to invite_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to ips_rtp. Enable/disable allow IPS on RTP. Choices:
|
|
Deprecated, please rename it to log_call_summary. Enable/disable logging of SIP call summary. Choices:
|
|
Deprecated, please rename it to log_violations. Enable/disable logging of SIP violations. Choices:
|
|
Deprecated, please rename it to malformed_header_allow. Action for malformed Allow header. Choices:
|
|
Deprecated, please rename it to malformed_header_call_id. Action for malformed Call-ID header. Choices:
|
|
Deprecated, please rename it to malformed_header_contact. Action for malformed Contact header. Choices:
|
|
Deprecated, please rename it to malformed_header_content_length. Action for malformed Content-Length header. Choices:
|
|
Deprecated, please rename it to malformed_header_content_type. Action for malformed Content-Type header. Choices:
|
|
Deprecated, please rename it to malformed_header_cseq. Action for malformed CSeq header. Choices:
|
|
Deprecated, please rename it to malformed_header_expires. Action for malformed Expires header. Choices:
|
|
Deprecated, please rename it to malformed_header_from. Action for malformed From header. Choices:
|
|
Deprecated, please rename it to malformed_header_max_forwards. Action for malformed Max-Forwards header. Choices:
|
|
Deprecated, please rename it to malformed_header_no_proxy_require. Action for malformed SIP messages without Proxy-Require… Choices:
|
|
Deprecated, please rename it to malformed_header_no_require. Action for malformed SIP messages without Require header. Choices:
|
|
Deprecated, please rename it to malformed_header_p_asserted_identity. Action for malformed P-Asserted-Identity header. Choices:
|
|
Deprecated, please rename it to malformed_header_rack. Action for malformed RAck header. Choices:
|
|
Deprecated, please rename it to malformed_header_record_route. Action for malformed Record-Route header. Choices:
|
|
Deprecated, please rename it to malformed_header_route. Action for malformed Route header. Choices:
|
|
Deprecated, please rename it to malformed_header_rseq. Action for malformed RSeq header. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_a. Action for malformed SDP a line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_b. Action for malformed SDP b line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_c. Action for malformed SDP c line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_i. Action for malformed SDP i line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_k. Action for malformed SDP k line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_m. Action for malformed SDP m line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_o. Action for malformed SDP o line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_r. Action for malformed SDP r line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_s. Action for malformed SDP s line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_t. Action for malformed SDP t line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_v. Action for malformed SDP v line. Choices:
|
|
Deprecated, please rename it to malformed_header_sdp_z. Action for malformed SDP z line. Choices:
|
|
Deprecated, please rename it to malformed_header_to. Action for malformed To header. Choices:
|
|
Deprecated, please rename it to malformed_header_via. Action for malformed VIA header. Choices:
|
|
Deprecated, please rename it to malformed_request_line. Action for malformed request line. Choices:
|
|
Deprecated, please rename it to max_body_length. Maximum SIP message body length |
|
Deprecated, please rename it to max_dialogs. Maximum number of concurrent calls/dialogs |
|
Deprecated, please rename it to max_idle_dialogs. Maximum number established but idle dialogs to retain |
|
Deprecated, please rename it to max_line_length. Maximum SIP header line length |
|
Deprecated, please rename it to message_rate. MESSAGE request rate limit |
|
Deprecated, please rename it to message_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to nat_port_range. RTP NAT port range. |
|
Deprecated, please rename it to nat_trace. Enable/disable preservation of original IP in SDP i line. Choices:
|
|
Deprecated, please rename it to no_sdp_fixup. Enable/disable no SDP fix-up. Choices:
|
|
Deprecated, please rename it to notify_rate. NOTIFY request rate limit |
|
Deprecated, please rename it to notify_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to open_contact_pinhole. Enable/disable open pinhole for non-REGISTER Contact port. Choices:
|
|
Deprecated, please rename it to open_record_route_pinhole. Enable/disable open pinhole for Record-Route port. Choices:
|
|
Deprecated, please rename it to open_register_pinhole. Enable/disable open pinhole for REGISTER Contact port. Choices:
|
|
Deprecated, please rename it to open_via_pinhole. Enable/disable open pinhole for Via port. Choices:
|
|
Deprecated, please rename it to options_rate. OPTIONS request rate limit |
|
Deprecated, please rename it to options_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to prack_rate. PRACK request rate limit |
|
Deprecated, please rename it to prack_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to preserve_override. Override i line to preserve original IPS Choices:
|
|
Deprecated, please rename it to provisional_invite_expiry_time. Expiry time for provisional INVITE |
|
Deprecated, please rename it to publish_rate. PUBLISH request rate limit |
|
Deprecated, please rename it to publish_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to refer_rate. REFER request rate limit |
|
Deprecated, please rename it to refer_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to register_contact_trace. Enable/disable trace original IP/port within the contact header of… Choices:
|
|
Deprecated, please rename it to register_rate. REGISTER request rate limit |
|
Deprecated, please rename it to register_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to rfc2543_branch. Enable/disable support via branch compliant with RFC 2543. Choices:
|
|
Enable/disable create pinholes for RTP traffic to traverse firewall. Choices:
|
|
Deprecated, please rename it to ssl_algorithm. Relative strength of encryption algorithms accepted in negotiation. Choices:
|
|
Deprecated, please rename it to ssl_auth_client. Require a client certificate and authenticate it with the peer/peergrp. |
|
Deprecated, please rename it to ssl_auth_server. Authenticate the servers certificate with the peer/peergrp. |
|
Deprecated, please rename it to ssl_client_certificate. Name of Certificate to offer to server if requested. |
|
Deprecated, please rename it to ssl_client_renegotiation. Allow/block client renegotiation by server. Choices:
|
|
Deprecated, please rename it to ssl_max_version. Highest SSL/TLS version to negotiate. Choices:
|
|
Deprecated, please rename it to ssl_min_version. Lowest SSL/TLS version to negotiate. Choices:
|
|
Deprecated, please rename it to ssl_mode. SSL/TLS mode for encryption & decryption of traffic. Choices:
|
|
Deprecated, please rename it to ssl_pfs. SSL Perfect Forward Secrecy. Choices:
|
|
Deprecated, please rename it to ssl_send_empty_frags. Send empty fragments to avoid attack on CBC IV Choices:
|
|
Deprecated, please rename it to ssl_server_certificate. Name of Certificate return to the client in every SSL connection. |
|
Enable/disable SIP. Choices:
|
|
Deprecated, please rename it to strict_register. Enable/disable only allow the registrar to connect. Choices:
|
|
Deprecated, please rename it to subscribe_rate. SUBSCRIBE request rate limit |
|
Deprecated, please rename it to subscribe_rate_track. Track the packet protocol field. Choices:
|
|
Deprecated, please rename it to unknown_header. Action for unknown SIP header. Choices:
|
|
Deprecated, please rename it to update_rate. UPDATE request rate limit |
|
Deprecated, please rename it to update_rate_track. Track the packet protocol field. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: SIP.
fortinet.fortimanager.fmgr_voip_profile_sip:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack_rate: <integer>
block_ack: <value in [disable, enable]>
block_bye: <value in [disable, enable]>
block_cancel: <value in [disable, enable]>
block_geo_red_options: <value in [disable, enable]>
block_info: <value in [disable, enable]>
block_invite: <value in [disable, enable]>
block_long_lines: <value in [disable, enable]>
block_message: <value in [disable, enable]>
block_notify: <value in [disable, enable]>
block_options: <value in [disable, enable]>
block_prack: <value in [disable, enable]>
block_publish: <value in [disable, enable]>
block_refer: <value in [disable, enable]>
block_register: <value in [disable, enable]>
block_subscribe: <value in [disable, enable]>
block_unknown: <value in [disable, enable]>
block_update: <value in [disable, enable]>
bye_rate: <integer>
call_keepalive: <integer>
cancel_rate: <integer>
contact_fixup: <value in [disable, enable]>
hnt_restrict_source_ip: <value in [disable, enable]>
hosted_nat_traversal: <value in [disable, enable]>
info_rate: <integer>
invite_rate: <integer>
ips_rtp: <value in [disable, enable]>
log_call_summary: <value in [disable, enable]>
log_violations: <value in [disable, enable]>
malformed_header_allow: <value in [pass, discard, respond]>
malformed_header_call_id: <value in [pass, discard, respond]>
malformed_header_contact: <value in [pass, discard, respond]>
malformed_header_content_length: <value in [pass, discard, respond]>
malformed_header_content_type: <value in [pass, discard, respond]>
malformed_header_cseq: <value in [pass, discard, respond]>
malformed_header_expires: <value in [pass, discard, respond]>
malformed_header_from: <value in [pass, discard, respond]>
malformed_header_max_forwards: <value in [pass, discard, respond]>
malformed_header_p_asserted_identity: <value in [pass, discard, respond]>
malformed_header_rack: <value in [pass, discard, respond]>
malformed_header_record_route: <value in [pass, discard, respond]>
malformed_header_route: <value in [pass, discard, respond]>
malformed_header_rseq: <value in [pass, discard, respond]>
malformed_header_sdp_a: <value in [pass, discard, respond]>
malformed_header_sdp_b: <value in [pass, discard, respond]>
malformed_header_sdp_c: <value in [pass, discard, respond]>
malformed_header_sdp_i: <value in [pass, discard, respond]>
malformed_header_sdp_k: <value in [pass, discard, respond]>
malformed_header_sdp_m: <value in [pass, discard, respond]>
malformed_header_sdp_o: <value in [pass, discard, respond]>
malformed_header_sdp_r: <value in [pass, discard, respond]>
malformed_header_sdp_s: <value in [pass, discard, respond]>
malformed_header_sdp_t: <value in [pass, discard, respond]>
malformed_header_sdp_v: <value in [pass, discard, respond]>
malformed_header_sdp_z: <value in [pass, discard, respond]>
malformed_header_to: <value in [pass, discard, respond]>
malformed_header_via: <value in [pass, discard, respond]>
malformed_request_line: <value in [pass, discard, respond]>
max_body_length: <integer>
max_dialogs: <integer>
max_idle_dialogs: <integer>
max_line_length: <integer>
message_rate: <integer>
nat_trace: <value in [disable, enable]>
no_sdp_fixup: <value in [disable, enable]>
notify_rate: <integer>
open_contact_pinhole: <value in [disable, enable]>
open_record_route_pinhole: <value in [disable, enable]>
open_register_pinhole: <value in [disable, enable]>
open_via_pinhole: <value in [disable, enable]>
options_rate: <integer>
prack_rate: <integer>
preserve_override: <value in [disable, enable]>
provisional_invite_expiry_time: <integer>
publish_rate: <integer>
refer_rate: <integer>
register_contact_trace: <value in [disable, enable]>
register_rate: <integer>
rfc2543_branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl_algorithm: <value in [high, medium, low]>
ssl_auth_client: <string>
ssl_auth_server: <string>
ssl_client_certificate: <string>
ssl_client_renegotiation: <value in [allow, deny, secure]>
ssl_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl_mode: <value in [off, full]>
ssl_pfs: <value in [require, deny, allow]>
ssl_send_empty_frags: <value in [disable, enable]>
ssl_server_certificate: <string>
status: <value in [disable, enable]>
strict_register: <value in [disable, enable]>
subscribe_rate: <integer>
unknown_header: <value in [pass, discard, respond]>
update_rate: <integer>
nat_port_range: <string>
ack_rate_track: <value in [none, src-ip, dest-ip]>
bye_rate_track: <value in [none, src-ip, dest-ip]>
cancel_rate_track: <value in [none, src-ip, dest-ip]>
info_rate_track: <value in [none, src-ip, dest-ip]>
invite_rate_track: <value in [none, src-ip, dest-ip]>
malformed_header_no_proxy_require: <value in [pass, discard, respond]>
malformed_header_no_require: <value in [pass, discard, respond]>
message_rate_track: <value in [none, src-ip, dest-ip]>
notify_rate_track: <value in [none, src-ip, dest-ip]>
options_rate_track: <value in [none, src-ip, dest-ip]>
prack_rate_track: <value in [none, src-ip, dest-ip]>
publish_rate_track: <value in [none, src-ip, dest-ip]>
refer_rate_track: <value in [none, src-ip, dest-ip]>
register_rate_track: <value in [none, src-ip, dest-ip]>
subscribe_rate_track: <value in [none, src-ip, dest-ip]>
update_rate_track: <value in [none, src-ip, dest-ip]>
call_id_regex: <string>
content_type_regex: <string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |