fortinet.fortimanager.fmgr_voip_profile_sip – SIP.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
profile
string / required
the parameter (profile) in requested url
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
voip_profile_sip
dictionary
the top level parameters set
ack-rate
integer
ACK request rate limit (per second, per policy).
ack-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
block-ack
string
    Choices:
  • disable
  • enable
Enable/disable block ACK requests.
block-bye
string
    Choices:
  • disable
  • enable
Enable/disable block BYE requests.
block-cancel
string
    Choices:
  • disable
  • enable
Enable/disable block CANCEL requests.
block-geo-red-options
string
    Choices:
  • disable
  • enable
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
block-info
string
    Choices:
  • disable
  • enable
Enable/disable block INFO requests.
block-invite
string
    Choices:
  • disable
  • enable
Enable/disable block INVITE requests.
block-long-lines
string
    Choices:
  • disable
  • enable
Enable/disable block requests with headers exceeding max-line-length.
block-message
string
    Choices:
  • disable
  • enable
Enable/disable block MESSAGE requests.
block-notify
string
    Choices:
  • disable
  • enable
Enable/disable block NOTIFY requests.
block-options
string
    Choices:
  • disable
  • enable
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
block-prack
string
    Choices:
  • disable
  • enable
Enable/disable block prack requests.
block-publish
string
    Choices:
  • disable
  • enable
Enable/disable block PUBLISH requests.
block-refer
string
    Choices:
  • disable
  • enable
Enable/disable block REFER requests.
block-register
string
    Choices:
  • disable
  • enable
Enable/disable block REGISTER requests.
block-subscribe
string
    Choices:
  • disable
  • enable
Enable/disable block SUBSCRIBE requests.
block-unknown
string
    Choices:
  • disable
  • enable
Block unrecognized SIP requests (enabled by default).
block-update
string
    Choices:
  • disable
  • enable
Enable/disable block UPDATE requests.
bye-rate
integer
BYE request rate limit (per second, per policy).
bye-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
call-keepalive
integer
Continue tracking calls with no RTP for this many minutes.
cancel-rate
integer
CANCEL request rate limit (per second, per policy).
cancel-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
contact-fixup
string
    Choices:
  • disable
  • enable
Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port.
hnt-restrict-source-ip
string
    Choices:
  • disable
  • enable
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
hosted-nat-traversal
string
    Choices:
  • disable
  • enable
Hosted NAT Traversal (HNT).
info-rate
integer
INFO request rate limit (per second, per policy).
info-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
invite-rate
integer
INVITE request rate limit (per second, per policy).
invite-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
ips-rtp
string
    Choices:
  • disable
  • enable
Enable/disable allow IPS on RTP.
log-call-summary
string
    Choices:
  • disable
  • enable
Enable/disable logging of SIP call summary.
log-violations
string
    Choices:
  • disable
  • enable
Enable/disable logging of SIP violations.
malformed-header-allow
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Allow header.
malformed-header-call-id
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Call-ID header.
malformed-header-contact
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Contact header.
malformed-header-content-length
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Content-Length header.
malformed-header-content-type
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Content-Type header.
malformed-header-cseq
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed CSeq header.
malformed-header-expires
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Expires header.
malformed-header-from
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed From header.
malformed-header-max-forwards
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Max-Forwards header.
malformed-header-no-proxy-require
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SIP messages without Proxy-Require header.
malformed-header-no-require
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SIP messages without Require header.
malformed-header-p-asserted-identity
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed P-Asserted-Identity header.
malformed-header-rack
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed RAck header.
malformed-header-record-route
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Record-Route header.
malformed-header-route
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Route header.
malformed-header-rseq
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed RSeq header.
malformed-header-sdp-a
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP a line.
malformed-header-sdp-b
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP b line.
malformed-header-sdp-c
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP c line.
malformed-header-sdp-i
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP i line.
malformed-header-sdp-k
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP k line.
malformed-header-sdp-m
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP m line.
malformed-header-sdp-o
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP o line.
malformed-header-sdp-r
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP r line.
malformed-header-sdp-s
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP s line.
malformed-header-sdp-t
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP t line.
malformed-header-sdp-v
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP v line.
malformed-header-sdp-z
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP z line.
malformed-header-to
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed To header.
malformed-header-via
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed VIA header.
malformed-request-line
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed request line.
max-body-length
integer
Maximum SIP message body length (0 meaning no limit).
max-dialogs
integer
Maximum number of concurrent calls/dialogs (per policy).
max-idle-dialogs
integer
Maximum number established but idle dialogs to retain (per policy).
max-line-length
integer
Maximum SIP header line length (78-4096).
message-rate
integer
MESSAGE request rate limit (per second, per policy).
message-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
nat-port-range
string
RTP NAT port range.
nat-trace
string
    Choices:
  • disable
  • enable
Enable/disable preservation of original IP in SDP i line.
no-sdp-fixup
string
    Choices:
  • disable
  • enable
Enable/disable no SDP fix-up.
notify-rate
integer
NOTIFY request rate limit (per second, per policy).
notify-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
open-contact-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for non-REGISTER Contact port.
open-record-route-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for Record-Route port.
open-register-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for REGISTER Contact port.
open-via-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for Via port.
options-rate
integer
OPTIONS request rate limit (per second, per policy).
options-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
prack-rate
integer
PRACK request rate limit (per second, per policy).
prack-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
preserve-override
string
    Choices:
  • disable
  • enable
Override i line to preserve original IPS (default: append).
provisional-invite-expiry-time
integer
Expiry time for provisional INVITE (10 - 3600 sec).
publish-rate
integer
PUBLISH request rate limit (per second, per policy).
publish-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
refer-rate
integer
REFER request rate limit (per second, per policy).
refer-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
register-contact-trace
string
    Choices:
  • disable
  • enable
Enable/disable trace original IP/port within the contact header of REGISTER requests.
register-rate
integer
REGISTER request rate limit (per second, per policy).
register-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
rfc2543-branch
string
    Choices:
  • disable
  • enable
Enable/disable support via branch compliant with RFC 2543.
rtp
string
    Choices:
  • disable
  • enable
Enable/disable create pinholes for RTP traffic to traverse firewall.
ssl-algorithm
string
    Choices:
  • high
  • medium
  • low
Relative strength of encryption algorithms accepted in negotiation.
ssl-auth-client
string
Require a client certificate and authenticate it with the peer/peergrp.
ssl-auth-server
string
Authenticate the servers certificate with the peer/peergrp.
ssl-client-certificate
string
Name of Certificate to offer to server if requested.
ssl-client-renegotiation
string
    Choices:
  • allow
  • deny
  • secure
Allow/block client renegotiation by server.
ssl-max-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
Highest SSL/TLS version to negotiate.
ssl-min-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
Lowest SSL/TLS version to negotiate.
ssl-mode
string
    Choices:
  • off
  • full
SSL/TLS mode for encryption & decryption of traffic.
ssl-pfs
string
    Choices:
  • require
  • deny
  • allow
SSL Perfect Forward Secrecy.
ssl-send-empty-frags
string
    Choices:
  • disable
  • enable
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
ssl-server-certificate
string
Name of Certificate return to the client in every SSL connection.
status
string
    Choices:
  • disable
  • enable
Enable/disable SIP.
strict-register
string
    Choices:
  • disable
  • enable
Enable/disable only allow the registrar to connect.
subscribe-rate
integer
SUBSCRIBE request rate limit (per second, per policy).
subscribe-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
unknown-header
string
    Choices:
  • pass
  • discard
  • respond
Action for unknown SIP header.
update-rate
integer
UPDATE request rate limit (per second, per policy).
update-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: SIP.
     fmgr_voip_profile_sip:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        profile: <your own value>
        voip_profile_sip:
           ack-rate: <value of integer>
           block-ack: <value in [disable, enable]>
           block-bye: <value in [disable, enable]>
           block-cancel: <value in [disable, enable]>
           block-geo-red-options: <value in [disable, enable]>
           block-info: <value in [disable, enable]>
           block-invite: <value in [disable, enable]>
           block-long-lines: <value in [disable, enable]>
           block-message: <value in [disable, enable]>
           block-notify: <value in [disable, enable]>
           block-options: <value in [disable, enable]>
           block-prack: <value in [disable, enable]>
           block-publish: <value in [disable, enable]>
           block-refer: <value in [disable, enable]>
           block-register: <value in [disable, enable]>
           block-subscribe: <value in [disable, enable]>
           block-unknown: <value in [disable, enable]>
           block-update: <value in [disable, enable]>
           bye-rate: <value of integer>
           call-keepalive: <value of integer>
           cancel-rate: <value of integer>
           contact-fixup: <value in [disable, enable]>
           hnt-restrict-source-ip: <value in [disable, enable]>
           hosted-nat-traversal: <value in [disable, enable]>
           info-rate: <value of integer>
           invite-rate: <value of integer>
           ips-rtp: <value in [disable, enable]>
           log-call-summary: <value in [disable, enable]>
           log-violations: <value in [disable, enable]>
           malformed-header-allow: <value in [pass, discard, respond]>
           malformed-header-call-id: <value in [pass, discard, respond]>
           malformed-header-contact: <value in [pass, discard, respond]>
           malformed-header-content-length: <value in [pass, discard, respond]>
           malformed-header-content-type: <value in [pass, discard, respond]>
           malformed-header-cseq: <value in [pass, discard, respond]>
           malformed-header-expires: <value in [pass, discard, respond]>
           malformed-header-from: <value in [pass, discard, respond]>
           malformed-header-max-forwards: <value in [pass, discard, respond]>
           malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
           malformed-header-rack: <value in [pass, discard, respond]>
           malformed-header-record-route: <value in [pass, discard, respond]>
           malformed-header-route: <value in [pass, discard, respond]>
           malformed-header-rseq: <value in [pass, discard, respond]>
           malformed-header-sdp-a: <value in [pass, discard, respond]>
           malformed-header-sdp-b: <value in [pass, discard, respond]>
           malformed-header-sdp-c: <value in [pass, discard, respond]>
           malformed-header-sdp-i: <value in [pass, discard, respond]>
           malformed-header-sdp-k: <value in [pass, discard, respond]>
           malformed-header-sdp-m: <value in [pass, discard, respond]>
           malformed-header-sdp-o: <value in [pass, discard, respond]>
           malformed-header-sdp-r: <value in [pass, discard, respond]>
           malformed-header-sdp-s: <value in [pass, discard, respond]>
           malformed-header-sdp-t: <value in [pass, discard, respond]>
           malformed-header-sdp-v: <value in [pass, discard, respond]>
           malformed-header-sdp-z: <value in [pass, discard, respond]>
           malformed-header-to: <value in [pass, discard, respond]>
           malformed-header-via: <value in [pass, discard, respond]>
           malformed-request-line: <value in [pass, discard, respond]>
           max-body-length: <value of integer>
           max-dialogs: <value of integer>
           max-idle-dialogs: <value of integer>
           max-line-length: <value of integer>
           message-rate: <value of integer>
           nat-trace: <value in [disable, enable]>
           no-sdp-fixup: <value in [disable, enable]>
           notify-rate: <value of integer>
           open-contact-pinhole: <value in [disable, enable]>
           open-record-route-pinhole: <value in [disable, enable]>
           open-register-pinhole: <value in [disable, enable]>
           open-via-pinhole: <value in [disable, enable]>
           options-rate: <value of integer>
           prack-rate: <value of integer>
           preserve-override: <value in [disable, enable]>
           provisional-invite-expiry-time: <value of integer>
           publish-rate: <value of integer>
           refer-rate: <value of integer>
           register-contact-trace: <value in [disable, enable]>
           register-rate: <value of integer>
           rfc2543-branch: <value in [disable, enable]>
           rtp: <value in [disable, enable]>
           ssl-algorithm: <value in [high, medium, low]>
           ssl-auth-client: <value of string>
           ssl-auth-server: <value of string>
           ssl-client-certificate: <value of string>
           ssl-client-renegotiation: <value in [allow, deny, secure]>
           ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-mode: <value in [off, full]>
           ssl-pfs: <value in [require, deny, allow]>
           ssl-send-empty-frags: <value in [disable, enable]>
           ssl-server-certificate: <value of string>
           status: <value in [disable, enable]>
           strict-register: <value in [disable, enable]>
           subscribe-rate: <value of integer>
           unknown-header: <value in [pass, discard, respond]>
           update-rate: <value of integer>
           nat-port-range: <value of string>
           ack-rate-track: <value in [none, src-ip, dest-ip]>
           bye-rate-track: <value in [none, src-ip, dest-ip]>
           cancel-rate-track: <value in [none, src-ip, dest-ip]>
           info-rate-track: <value in [none, src-ip, dest-ip]>
           invite-rate-track: <value in [none, src-ip, dest-ip]>
           malformed-header-no-proxy-require: <value in [pass, discard, respond]>
           malformed-header-no-require: <value in [pass, discard, respond]>
           message-rate-track: <value in [none, src-ip, dest-ip]>
           notify-rate-track: <value in [none, src-ip, dest-ip]>
           options-rate-track: <value in [none, src-ip, dest-ip]>
           prack-rate-track: <value in [none, src-ip, dest-ip]>
           publish-rate-track: <value in [none, src-ip, dest-ip]>
           refer-rate-track: <value in [none, src-ip, dest-ip]>
           register-rate-track: <value in [none, src-ip, dest-ip]>
           subscribe-rate-track: <value in [none, src-ip, dest-ip]>
           update-rate-track: <value in [none, src-ip, dest-ip]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)