fortinet.fortimanager.fmgr_voip_profile_sip module – SIP.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

profile

string / required

The parameter (profile) in requested url.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overridden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overridden.

voip_profile_sip

dictionary

The top level parameters set.

ack_rate

integer

ACK request rate limit

ack_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

block_ack

string

Enable/disable block ACK requests.

Choices:

  • "disable"

  • "enable"

block_bye

string

Enable/disable block BYE requests.

Choices:

  • "disable"

  • "enable"

block_cancel

string

Enable/disable block CANCEL requests.

Choices:

  • "disable"

  • "enable"

block_geo_red_options

string

Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.

Choices:

  • "disable"

  • "enable"

block_info

string

Enable/disable block INFO requests.

Choices:

  • "disable"

  • "enable"

block_invite

string

Enable/disable block INVITE requests.

Choices:

  • "disable"

  • "enable"

block_long_lines

string

Enable/disable block requests with headers exceeding max-line-length.

Choices:

  • "disable"

  • "enable"

block_message

string

Enable/disable block MESSAGE requests.

Choices:

  • "disable"

  • "enable"

block_notify

string

Enable/disable block NOTIFY requests.

Choices:

  • "disable"

  • "enable"

block_options

string

Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.

Choices:

  • "disable"

  • "enable"

block_prack

string

Enable/disable block PRACK requests.

Choices:

  • "disable"

  • "enable"

block_publish

string

Enable/disable block PUBLISH requests.

Choices:

  • "disable"

  • "enable"

block_refer

string

Enable/disable block REFER requests.

Choices:

  • "disable"

  • "enable"

block_register

string

Enable/disable block REGISTER requests.

Choices:

  • "disable"

  • "enable"

block_subscribe

string

Enable/disable block SUBSCRIBE requests.

Choices:

  • "disable"

  • "enable"

block_unknown

string

Block unrecognized SIP requests

Choices:

  • "disable"

  • "enable"

block_update

string

Enable/disable block UPDATE requests.

Choices:

  • "disable"

  • "enable"

bye_rate

integer

BYE request rate limit

bye_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

call_id_regex

string

Validate PCRE regular expression for Call-Id header value.

call_keepalive

integer

Continue tracking calls with no RTP for this many minutes.

cancel_rate

integer

CANCEL request rate limit

cancel_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

contact_fixup

string

Fixup contact anyway even if contacts IP

Choices:

  • "disable"

  • "enable"

content_type_regex

string

Validate PCRE regular expression for Content-Type header value.

hnt_restrict_source_ip

string

Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.

Choices:

  • "disable"

  • "enable"

hosted_nat_traversal

string

Hosted NAT Traversal

Choices:

  • "disable"

  • "enable"

info_rate

integer

INFO request rate limit

info_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

invite_rate

integer

INVITE request rate limit

invite_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

ips_rtp

string

Enable/disable allow IPS on RTP.

Choices:

  • "disable"

  • "enable"

log_call_summary

string

Enable/disable logging of SIP call summary.

Choices:

  • "disable"

  • "enable"

log_violations

string

Enable/disable logging of SIP violations.

Choices:

  • "disable"

  • "enable"

malformed_header_allow

string

Action for malformed Allow header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_call_id

string

Action for malformed Call-ID header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_contact

string

Action for malformed Contact header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_content_length

string

Action for malformed Content-Length header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_content_type

string

Action for malformed Content-Type header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_cseq

string

Action for malformed CSeq header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_expires

string

Action for malformed Expires header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_from

string

Action for malformed From header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_max_forwards

string

Action for malformed Max-Forwards header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_no_proxy_require

string

Action for malformed SIP messages without Proxy-Require header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_no_require

string

Action for malformed SIP messages without Require header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_p_asserted_identity

string

Action for malformed P-Asserted-Identity header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_rack

string

Action for malformed RAck header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_record_route

string

Action for malformed Record-Route header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_route

string

Action for malformed Route header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_rseq

string

Action for malformed RSeq header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_a

string

Action for malformed SDP a line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_b

string

Action for malformed SDP b line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_c

string

Action for malformed SDP c line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_i

string

Action for malformed SDP i line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_k

string

Action for malformed SDP k line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_m

string

Action for malformed SDP m line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_o

string

Action for malformed SDP o line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_r

string

Action for malformed SDP r line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_s

string

Action for malformed SDP s line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_t

string

Action for malformed SDP t line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_v

string

Action for malformed SDP v line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_sdp_z

string

Action for malformed SDP z line.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_to

string

Action for malformed To header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_header_via

string

Action for malformed VIA header.

Choices:

  • "pass"

  • "discard"

  • "respond"

malformed_request_line

string

Action for malformed request line.

Choices:

  • "pass"

  • "discard"

  • "respond"

max_body_length

integer

Maximum SIP message body length

max_dialogs

integer

Maximum number of concurrent calls/dialogs

max_idle_dialogs

integer

Maximum number of established but idle dialogs to retain

max_line_length

integer

Maximum SIP header line length

message_rate

integer

MESSAGE request rate limit

message_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

nat_port_range

string

RTP NAT port range.

nat_trace

string

Enable/disable preservation of original IP in SDP i line.

Choices:

  • "disable"

  • "enable"

no_sdp_fixup

string

Enable/disable no SDP fix-up.

Choices:

  • "disable"

  • "enable"

notify_rate

integer

NOTIFY request rate limit

notify_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

open_contact_pinhole

string

Enable/disable open pinhole for non-REGISTER Contact port.

Choices:

  • "disable"

  • "enable"

open_record_route_pinhole

string

Enable/disable open pinhole for Record-Route port.

Choices:

  • "disable"

  • "enable"

open_register_pinhole

string

Enable/disable open pinhole for REGISTER Contact port.

Choices:

  • "disable"

  • "enable"

open_via_pinhole

string

Enable/disable open pinhole for Via port.

Choices:

  • "disable"

  • "enable"

options_rate

integer

OPTIONS request rate limit

options_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

prack_rate

integer

PRACK request rate limit

prack_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

preserve_override

string

Override i line to preserve original IPS

Choices:

  • "disable"

  • "enable"

provisional_invite_expiry_time

integer

Expiry time for provisional INVITE

publish_rate

integer

PUBLISH request rate limit

publish_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

refer_rate

integer

REFER request rate limit

refer_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

register_contact_trace

string

Enable/disable trace original IP/port within the contact header of REGISTER requests.

Choices:

  • "disable"

  • "enable"

register_rate

integer

REGISTER request rate limit

register_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

rfc2543_branch

string

Enable/disable support via branch compliant with RFC 2543.

Choices:

  • "disable"

  • "enable"

rtp

string

Enable/disable create pinholes for RTP traffic to traverse firewall.

Choices:

  • "disable"

  • "enable"

ssl_algorithm

string

Relative strength of encryption algorithms accepted in negotiation.

Choices:

  • "high"

  • "medium"

  • "low"

ssl_auth_client

string

Require a client certificate and authenticate it with the peer/peergrp.

ssl_auth_server

string

Authenticate the server's certificate with the peer/peergrp.

ssl_client_certificate

string

Name of Certificate to offer to server if requested.

ssl_client_renegotiation

string

Allow/block client renegotiation by server.

Choices:

  • "allow"

  • "deny"

  • "secure"

ssl_max_version

string

Highest SSL/TLS version to negotiate.

Choices:

  • "ssl-3.0"

  • "tls-1.0"

  • "tls-1.1"

  • "tls-1.2"

  • "tls-1.3"

ssl_min_version

string

Lowest SSL/TLS version to negotiate.

Choices:

  • "ssl-3.0"

  • "tls-1.0"

  • "tls-1.1"

  • "tls-1.2"

  • "tls-1.3"

ssl_mode

string

SSL/TLS mode for encryption & decryption of traffic.

Choices:

  • "off"

  • "full"

ssl_pfs

string

SSL Perfect Forward Secrecy.

Choices:

  • "require"

  • "deny"

  • "allow"

ssl_send_empty_frags

string

Send empty fragments to avoid attack on CBC IV

Choices:

  • "disable"

  • "enable"

ssl_server_certificate

string

Name of certificate returned to the client in every SSL connection.

status

string

Enable/disable SIP.

Choices:

  • "disable"

  • "enable"

strict_register

string

Enable/disable only allow the registrar to connect.

Choices:

  • "disable"

  • "enable"

subscribe_rate

integer

SUBSCRIBE request rate limit

subscribe_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

unknown_header

string

Action for unknown SIP header.

Choices:

  • "pass"

  • "discard"

  • "respond"

update_rate

integer

UPDATE request rate limit

update_rate_track

string

Track the packet protocol field.

Choices:

  • "none"

  • "src-ip"

  • "dest-ip"

workspace_locking_adom

string

The ADOM to lock when FortiManager is running in workspace mode; the value can be global or any other ADOM, including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for another user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: SIP.
      fortinet.fortimanager.fmgr_voip_profile_sip:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        profile: <your own value>
        voip_profile_sip:
          ack_rate: <integer>
          block_ack: <value in [disable, enable]>
          block_bye: <value in [disable, enable]>
          block_cancel: <value in [disable, enable]>
          block_geo_red_options: <value in [disable, enable]>
          block_info: <value in [disable, enable]>
          block_invite: <value in [disable, enable]>
          block_long_lines: <value in [disable, enable]>
          block_message: <value in [disable, enable]>
          block_notify: <value in [disable, enable]>
          block_options: <value in [disable, enable]>
          block_prack: <value in [disable, enable]>
          block_publish: <value in [disable, enable]>
          block_refer: <value in [disable, enable]>
          block_register: <value in [disable, enable]>
          block_subscribe: <value in [disable, enable]>
          block_unknown: <value in [disable, enable]>
          block_update: <value in [disable, enable]>
          bye_rate: <integer>
          call_keepalive: <integer>
          cancel_rate: <integer>
          contact_fixup: <value in [disable, enable]>
          hnt_restrict_source_ip: <value in [disable, enable]>
          hosted_nat_traversal: <value in [disable, enable]>
          info_rate: <integer>
          invite_rate: <integer>
          ips_rtp: <value in [disable, enable]>
          log_call_summary: <value in [disable, enable]>
          log_violations: <value in [disable, enable]>
          malformed_header_allow: <value in [pass, discard, respond]>
          malformed_header_call_id: <value in [pass, discard, respond]>
          malformed_header_contact: <value in [pass, discard, respond]>
          malformed_header_content_length: <value in [pass, discard, respond]>
          malformed_header_content_type: <value in [pass, discard, respond]>
          malformed_header_cseq: <value in [pass, discard, respond]>
          malformed_header_expires: <value in [pass, discard, respond]>
          malformed_header_from: <value in [pass, discard, respond]>
          malformed_header_max_forwards: <value in [pass, discard, respond]>
          malformed_header_p_asserted_identity: <value in [pass, discard, respond]>
          malformed_header_rack: <value in [pass, discard, respond]>
          malformed_header_record_route: <value in [pass, discard, respond]>
          malformed_header_route: <value in [pass, discard, respond]>
          malformed_header_rseq: <value in [pass, discard, respond]>
          malformed_header_sdp_a: <value in [pass, discard, respond]>
          malformed_header_sdp_b: <value in [pass, discard, respond]>
          malformed_header_sdp_c: <value in [pass, discard, respond]>
          malformed_header_sdp_i: <value in [pass, discard, respond]>
          malformed_header_sdp_k: <value in [pass, discard, respond]>
          malformed_header_sdp_m: <value in [pass, discard, respond]>
          malformed_header_sdp_o: <value in [pass, discard, respond]>
          malformed_header_sdp_r: <value in [pass, discard, respond]>
          malformed_header_sdp_s: <value in [pass, discard, respond]>
          malformed_header_sdp_t: <value in [pass, discard, respond]>
          malformed_header_sdp_v: <value in [pass, discard, respond]>
          malformed_header_sdp_z: <value in [pass, discard, respond]>
          malformed_header_to: <value in [pass, discard, respond]>
          malformed_header_via: <value in [pass, discard, respond]>
          malformed_request_line: <value in [pass, discard, respond]>
          max_body_length: <integer>
          max_dialogs: <integer>
          max_idle_dialogs: <integer>
          max_line_length: <integer>
          message_rate: <integer>
          nat_trace: <value in [disable, enable]>
          no_sdp_fixup: <value in [disable, enable]>
          notify_rate: <integer>
          open_contact_pinhole: <value in [disable, enable]>
          open_record_route_pinhole: <value in [disable, enable]>
          open_register_pinhole: <value in [disable, enable]>
          open_via_pinhole: <value in [disable, enable]>
          options_rate: <integer>
          prack_rate: <integer>
          preserve_override: <value in [disable, enable]>
          provisional_invite_expiry_time: <integer>
          publish_rate: <integer>
          refer_rate: <integer>
          register_contact_trace: <value in [disable, enable]>
          register_rate: <integer>
          rfc2543_branch: <value in [disable, enable]>
          rtp: <value in [disable, enable]>
          ssl_algorithm: <value in [high, medium, low]>
          ssl_auth_client: <string>
          ssl_auth_server: <string>
          ssl_client_certificate: <string>
          ssl_client_renegotiation: <value in [allow, deny, secure]>
          ssl_max_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          ssl_min_version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
          ssl_mode: <value in [off, full]>
          ssl_pfs: <value in [require, deny, allow]>
          ssl_send_empty_frags: <value in [disable, enable]>
          ssl_server_certificate: <string>
          status: <value in [disable, enable]>
          strict_register: <value in [disable, enable]>
          subscribe_rate: <integer>
          unknown_header: <value in [pass, discard, respond]>
          update_rate: <integer>
          nat_port_range: <string>
          ack_rate_track: <value in [none, src-ip, dest-ip]>
          bye_rate_track: <value in [none, src-ip, dest-ip]>
          cancel_rate_track: <value in [none, src-ip, dest-ip]>
          info_rate_track: <value in [none, src-ip, dest-ip]>
          invite_rate_track: <value in [none, src-ip, dest-ip]>
          malformed_header_no_proxy_require: <value in [pass, discard, respond]>
          malformed_header_no_require: <value in [pass, discard, respond]>
          message_rate_track: <value in [none, src-ip, dest-ip]>
          notify_rate_track: <value in [none, src-ip, dest-ip]>
          options_rate_track: <value in [none, src-ip, dest-ip]>
          prack_rate_track: <value in [none, src-ip, dest-ip]>
          publish_rate_track: <value in [none, src-ip, dest-ip]>
          refer_rate_track: <value in [none, src-ip, dest-ip]>
          register_rate_track: <value in [none, src-ip, dest-ip]>
          subscribe_rate_track: <value in [none, src-ip, dest-ip]>
          update_rate_track: <value in [none, src-ip, dest-ip]>
          call_id_regex: <string>
          content_type_regex: <string>

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of the API request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status of the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)