fortinet.fortimanager.fmgr_firewall_gtp module – Configure GTP.
Note
This module is part of the fortinet.fortimanager collection (version 2.8.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_gtp
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
The top level parameters set. |
|
Overbilling notify address |
|
Apn. |
|
Action. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
APN selection mode. Choices:
|
|
Apn filter Choices:
|
|
Authorized GGSN group |
|
Authorized GGSN/PGW IPv6 group. |
|
Authorized SGSN group |
|
Authorized SGSN/SGW IPv6 group. |
|
Comment. |
|
Overbilling context. |
|
Control plane message rate limit |
|
Default apn action Choices:
|
|
Default imsi action Choices:
|
|
Default action for encapsulated IP traffic Choices:
|
|
Default action for encapsulated non-IP traffic Choices:
|
|
Default advanced policy action Choices:
|
|
Log denied Choices:
|
|
Echo request interval |
|
Log in extension format Choices:
|
|
Log forwarded Choices:
|
|
Global tunnel limit. |
|
Gtp in gtp Choices:
|
|
Enable/disable logging of denied GTP-U packets. Choices:
|
|
Enable/disable logging of forwarded GTP-U packets. Choices:
|
|
Logging of frequency of GTP-U packets. |
|
GTPv0 traffic. Choices:
|
|
Half-close tunnel timeout |
|
Half-open tunnel timeout |
|
Handover SGSN group |
|
Handover SGSN/SGW IPv6 group. |
|
IE allow list. |
|
IE allow list. |
|
Ie remove policy. |
|
ID. |
|
GTP IEs to be removed. Choices:
|
|
SGSN address name. |
|
SGSN IPv6 address name. |
|
IE removal policy. Choices:
|
|
Ie validation. |
|
Validate APN restriction. Choices:
|
|
Validate charging gateway address. Choices:
|
|
Validate charging ID. Choices:
|
|
Validate end user address. Choices:
|
|
Validate GSN address. Choices:
|
|
Validate IMEI Choices:
|
|
Validate IMSI. Choices:
|
|
Validate MM context. Choices:
|
|
Validate MS time zone. Choices:
|
|
Validate MS validated. Choices:
|
|
Validate MSISDN. Choices:
|
|
Validate NSAPI. Choices:
|
|
Validate PDP context. Choices:
|
|
Validate Quality of Service Choices:
|
|
Validate RAI. Choices:
|
|
Validate RAT type. Choices:
|
|
Validate re-ordering required. Choices:
|
|
Validate selection mode. Choices:
|
|
Validate user location information. Choices:
|
|
IE white list. |
|
IE white list. |
|
Imsi. |
|
Action. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
MCC MNC. |
|
MSISDN prefix. |
|
APN selection mode. Choices:
|
|
Imsi filter Choices:
|
|
Overbilling interface |
|
Invalid reserved field in GTP header Choices:
|
|
Invalid SGSN IPv6 group to be logged. |
|
Invalid SGSN group to be logged |
|
IP filter for encapsulted traffic Choices:
|
|
Ip policy. |
|
Action. Choices:
|
|
Destination address name. |
|
Destination IPv6 address name. |
|
ID. |
|
Source address name. |
|
Source IPv6 address name. |
|
Logging of frequency of GTP-C packets. |
|
The user data log limit |
|
IMSI prefix for selective logging. |
|
The msisdn prefix for selective logging |
|
Max message length |
|
Message filter. |
|
Create AA PDP. Choices:
|
|
Create MBMS. Choices:
|
|
Create PDP. Choices:
|
|
Data record. Choices:
|
|
Delete AA PDP. Choices:
|
|
Delete MBMS. Choices:
|
|
Delete PDP. Choices:
|
|
Echo. Choices:
|
|
Error indication. Choices:
|
|
Failure report. Choices:
|
|
Forward relocation. Choices:
|
|
Forward SRNS context. Choices:
|
|
GTP PDU. Choices:
|
|
Identification. Choices:
|
|
MBMS notification. Choices:
|
|
Node alive. Choices:
|
|
Note MS present. Choices:
|
|
PDU notification. Choices:
|
|
Ran info. Choices:
|
|
Redirection. Choices:
|
|
Relocation cancel. Choices:
|
|
Send route. Choices:
|
|
SGSN context. Choices:
|
|
Support extension. Choices:
|
|
Unknown message action. Choices:
|
|
Update MBMS. Choices:
|
|
Update PDP. Choices:
|
|
Version not supported. Choices:
|
|
Message filter. |
|
Message filter. |
|
Message rate limit. |
|
Rate limit for create AA PDP context request |
|
Rate limit for create AA PDP context response |
|
Rate limit for create MBMS context request |
|
Rate limit for create MBMS context response |
|
Rate limit for create PDP context request |
|
Rate limit for create PDP context response |
|
Rate limit for delete AA PDP context request |
|
Rate limit for delete AA PDP context response |
|
Rate limit for delete MBMS context request |
|
Rate limit for delete MBMS context response |
|
Rate limit for delete PDP context request |
|
Rate limit for delete PDP context response |
|
Rate limit for echo response |
|
Rate limit for echo requests |
|
Rate limit for echo response |
|
Rate limit for error indication |
|
Rate limit for failure report request |
|
Rate limit for failure report response |
|
Rate limit for forward relocation complete acknowledge |
|
Rate limit for forward relocation complete |
|
Rate limit for forward relocation request |
|
Rate limit for forward relocation response |
|
Rate limit for forward SRNS context |
|
Rate limit for forward SRNS context acknowledge |
|
Rate limit for G-PDU |
|
Rate limit for identification request |
|
Rate limit for identification response |
|
Rate limit for MBMS de-registration request |
|
Rate limit for MBMS de-registration response |
|
Rate limit for MBMS notification reject request |
|
Rate limit for MBMS notification reject response |
|
Rate limit for MBMS notification request |
|
Rate limit for MBMS notification response |
|
Rate limit for MBMS registration request |
|
Rate limit for MBMS registration response |
|
Rate limit for MBMS session start request |
|
Rate limit for MBMS session start response |
|
Rate limit for MBMS session stop request |
|
Rate limit for MBMS session stop response |
|
Rate limit for note MS GPRS present request |
|
Rate limit for note MS GPRS present response |
|
Rate limit for PDU notify reject request |
|
Rate limit for PDU notify reject response |
|
Rate limit for PDU notify request |
|
Rate limit for PDU notify response |
|
Rate limit for RAN information relay |
|
Rate limit for relocation cancel request |
|
Rate limit for relocation cancel response |
|
Rate limit for send routing information for GPRS request |
|
Rate limit for send routing information for GPRS response |
|
Rate limit for SGSN context acknowledgement |
|
Rate limit for SGSN context request |
|
Rate limit for SGSN context response |
|
Rate limit for support extension headers notification |
|
Rate limit for update MBMS context request |
|
Rate limit for update MBMS context response |
|
Rate limit for update PDP context request |
|
Rate limit for update PDP context response |
|
Rate limit for version not supported |
|
Message rate limit v0. |
|
Rate limit |
|
Rate limit |
|
Rate limit |
|
Message rate limit v1. |
|
Rate limit |
|
Rate limit |
|
Rate limit |
|
Message rate limit v2. |
|
Rate limit |
|
Rate limit |
|
Rate limit |
|
Min message length |
|
Missing mandatory information element Choices:
|
|
GTP monitor mode Choices:
|
|
Profile name. |
|
Non-IP filter for encapsulted traffic Choices:
|
|
Noip policy. |
|
Action. Choices:
|
|
End of protocol range |
|
ID. |
|
Start of protocol range |
|
Protocol field type. Choices:
|
|
Out of state information element. Choices:
|
|
Out of state GTP message Choices:
|
|
Per apn shaper. |
|
APN name. |
|
ID. |
|
Rate limit |
|
GTP version number |
|
Policy. |
|
Action. Choices:
|
|
APN subfix. |
|
APN selection mode. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
IMEI |
|
IMSI prefix. |
|
IMSI prefix. |
|
Maximum APN restriction value. Choices:
|
|
GTP messages. Choices:
|
|
MSISDN prefix. |
|
MSISDN prefix. |
|
RAI pattern. |
|
RAT Type. Choices:
|
|
ULI pattern. |
|
Advanced policy filter Choices:
|
|
Policy v2. |
|
Action. Choices:
|
|
APN selection mode. Choices:
|
|
(list or str) APN member. |
|
ID. |
|
IMSI prefix. |
|
Maximum APN restriction value. Choices:
|
|
MEI pattern. |
|
GTP messages. Choices:
|
|
MSISDN prefix. |
|
RAT Type. Choices:
|
|
(list) GTPv2 ULI patterns |
|
Overbilling notify port |
|
RAT timeout profile. |
|
GTP rate limit mode. Choices:
|
|
Log rate limited Choices:
|
|
Rate sampling interval |
|
Remove if echo response expires Choices:
|
|
Remove upon different Recovery IE Choices:
|
|
Reserved information element Choices:
|
|
Send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. Choices:
|
|
Send DELETE request to path endpoints when GTPv2 tunnel timeout. Choices:
|
|
Spoofed source address for Mobile Station. Choices:
|
|
Log state invalid Choices:
|
|
Sub-second interval Choices:
|
|
Enable/disable sub-second sampling. Choices:
|
|
Log tunnel traffic counter Choices:
|
|
Tunnel limit |
|
Tunnel limit Choices:
|
|
Established tunnel timeout |
|
Action for unknown gtp version Choices:
|
|
User plane message rate limit |
|
Warning threshold for rate limiting |
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure GTP.
fortinet.fortimanager.fmgr_firewall_gtp:
bypass_validation: false
adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom
state: present
firewall_gtp:
monitor-mode: disable # <value in [disable, enable, vdom]>
name: "ansible-test"
- name: Gathering fortimanager facts
hosts: fortimanagers
gather_facts: false
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Retrieve all the GTPs
fortinet.fortimanager.fmgr_fact:
facts:
selector: "firewall_gtp"
params:
adom: "FortiCarrier" # This is FOC-only object, need a FortiCarrier adom
gtp: "your_value"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |