fortinet.fortimanager.fmgr_voip_profile_sip – SIP.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
profile
string / required
the parameter (profile) in requested url
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
voip_profile_sip
dictionary
the top level parameters set
ack-rate
integer
ACK request rate limit (per second, per policy).
ack-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
block-ack
string
    Choices:
  • disable
  • enable
Enable/disable block ACK requests.
block-bye
string
    Choices:
  • disable
  • enable
Enable/disable block BYE requests.
block-cancel
string
    Choices:
  • disable
  • enable
Enable/disable block CANCEL requests.
block-geo-red-options
string
    Choices:
  • disable
  • enable
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
block-info
string
    Choices:
  • disable
  • enable
Enable/disable block INFO requests.
block-invite
string
    Choices:
  • disable
  • enable
Enable/disable block INVITE requests.
block-long-lines
string
    Choices:
  • disable
  • enable
Enable/disable block requests with headers exceeding max-line-length.
block-message
string
    Choices:
  • disable
  • enable
Enable/disable block MESSAGE requests.
block-notify
string
    Choices:
  • disable
  • enable
Enable/disable block NOTIFY requests.
block-options
string
    Choices:
  • disable
  • enable
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
block-prack
string
    Choices:
  • disable
  • enable
Enable/disable block prack requests.
block-publish
string
    Choices:
  • disable
  • enable
Enable/disable block PUBLISH requests.
block-refer
string
    Choices:
  • disable
  • enable
Enable/disable block REFER requests.
block-register
string
    Choices:
  • disable
  • enable
Enable/disable block REGISTER requests.
block-subscribe
string
    Choices:
  • disable
  • enable
Enable/disable block SUBSCRIBE requests.
block-unknown
string
    Choices:
  • disable
  • enable
Block unrecognized SIP requests (enabled by default).
block-update
string
    Choices:
  • disable
  • enable
Enable/disable block UPDATE requests.
bye-rate
integer
BYE request rate limit (per second, per policy).
bye-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
call-keepalive
integer
Continue tracking calls with no RTP for this many minutes.
cancel-rate
integer
CANCEL request rate limit (per second, per policy).
cancel-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
contact-fixup
string
    Choices:
  • disable
  • enable
Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port.
hnt-restrict-source-ip
string
    Choices:
  • disable
  • enable
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
hosted-nat-traversal
string
    Choices:
  • disable
  • enable
Hosted NAT Traversal (HNT).
info-rate
integer
INFO request rate limit (per second, per policy).
info-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
invite-rate
integer
INVITE request rate limit (per second, per policy).
invite-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
ips-rtp
string
    Choices:
  • disable
  • enable
Enable/disable allow IPS on RTP.
log-call-summary
string
    Choices:
  • disable
  • enable
Enable/disable logging of SIP call summary.
log-violations
string
    Choices:
  • disable
  • enable
Enable/disable logging of SIP violations.
malformed-header-allow
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Allow header.
malformed-header-call-id
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Call-ID header.
malformed-header-contact
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Contact header.
malformed-header-content-length
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Content-Length header.
malformed-header-content-type
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Content-Type header.
malformed-header-cseq
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed CSeq header.
malformed-header-expires
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Expires header.
malformed-header-from
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed From header.
malformed-header-max-forwards
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Max-Forwards header.
malformed-header-no-proxy-require
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SIP messages without Proxy-Require header.
malformed-header-no-require
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SIP messages without Require header.
malformed-header-p-asserted-identity
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed P-Asserted-Identity header.
malformed-header-rack
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed RAck header.
malformed-header-record-route
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Record-Route header.
malformed-header-route
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed Route header.
malformed-header-rseq
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed RSeq header.
malformed-header-sdp-a
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP a line.
malformed-header-sdp-b
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP b line.
malformed-header-sdp-c
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP c line.
malformed-header-sdp-i
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP i line.
malformed-header-sdp-k
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP k line.
malformed-header-sdp-m
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP m line.
malformed-header-sdp-o
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP o line.
malformed-header-sdp-r
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP r line.
malformed-header-sdp-s
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP s line.
malformed-header-sdp-t
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP t line.
malformed-header-sdp-v
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP v line.
malformed-header-sdp-z
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed SDP z line.
malformed-header-to
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed To header.
malformed-header-via
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed VIA header.
malformed-request-line
string
    Choices:
  • pass
  • discard
  • respond
Action for malformed request line.
max-body-length
integer
Maximum SIP message body length (0 meaning no limit).
max-dialogs
integer
Maximum number of concurrent calls/dialogs (per policy).
max-idle-dialogs
integer
Maximum number established but idle dialogs to retain (per policy).
max-line-length
integer
Maximum SIP header line length (78-4096).
message-rate
integer
MESSAGE request rate limit (per second, per policy).
message-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
nat-port-range
string
RTP NAT port range.
nat-trace
string
    Choices:
  • disable
  • enable
Enable/disable preservation of original IP in SDP i line.
no-sdp-fixup
string
    Choices:
  • disable
  • enable
Enable/disable no SDP fix-up.
notify-rate
integer
NOTIFY request rate limit (per second, per policy).
notify-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
open-contact-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for non-REGISTER Contact port.
open-record-route-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for Record-Route port.
open-register-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for REGISTER Contact port.
open-via-pinhole
string
    Choices:
  • disable
  • enable
Enable/disable open pinhole for Via port.
options-rate
integer
OPTIONS request rate limit (per second, per policy).
options-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
prack-rate
integer
PRACK request rate limit (per second, per policy).
prack-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
preserve-override
string
    Choices:
  • disable
  • enable
Override i line to preserve original IPS (default: append).
provisional-invite-expiry-time
integer
Expiry time for provisional INVITE (10 - 3600 sec).
publish-rate
integer
PUBLISH request rate limit (per second, per policy).
publish-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
refer-rate
integer
REFER request rate limit (per second, per policy).
refer-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
register-contact-trace
string
    Choices:
  • disable
  • enable
Enable/disable trace original IP/port within the contact header of REGISTER requests.
register-rate
integer
REGISTER request rate limit (per second, per policy).
register-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
rfc2543-branch
string
    Choices:
  • disable
  • enable
Enable/disable support via branch compliant with RFC 2543.
rtp
string
    Choices:
  • disable
  • enable
Enable/disable create pinholes for RTP traffic to traverse firewall.
ssl-algorithm
string
    Choices:
  • high
  • medium
  • low
Relative strength of encryption algorithms accepted in negotiation.
ssl-auth-client
string
Require a client certificate and authenticate it with the peer/peergrp.
ssl-auth-server
string
Authenticate the servers certificate with the peer/peergrp.
ssl-client-certificate
string
Name of Certificate to offer to server if requested.
ssl-client-renegotiation
string
    Choices:
  • allow
  • deny
  • secure
Allow/block client renegotiation by server.
ssl-max-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
Highest SSL/TLS version to negotiate.
ssl-min-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
Lowest SSL/TLS version to negotiate.
ssl-mode
string
    Choices:
  • off
  • full
SSL/TLS mode for encryption & decryption of traffic.
ssl-pfs
string
    Choices:
  • require
  • deny
  • allow
SSL Perfect Forward Secrecy.
ssl-send-empty-frags
string
    Choices:
  • disable
  • enable
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
ssl-server-certificate
string
Name of Certificate return to the client in every SSL connection.
status
string
    Choices:
  • disable
  • enable
Enable/disable SIP.
strict-register
string
    Choices:
  • disable
  • enable
Enable/disable only allow the registrar to connect.
subscribe-rate
integer
SUBSCRIBE request rate limit (per second, per policy).
subscribe-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
unknown-header
string
    Choices:
  • pass
  • discard
  • respond
Action for unknown SIP header.
update-rate
integer
UPDATE request rate limit (per second, per policy).
update-rate-track
string
    Choices:
  • none
  • src-ip
  • dest-ip
Track the packet protocol field.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: SIP.
     fmgr_voip_profile_sip:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        profile: <your own value>
        voip_profile_sip:
           ack-rate: <value of integer>
           block-ack: <value in [disable, enable]>
           block-bye: <value in [disable, enable]>
           block-cancel: <value in [disable, enable]>
           block-geo-red-options: <value in [disable, enable]>
           block-info: <value in [disable, enable]>
           block-invite: <value in [disable, enable]>
           block-long-lines: <value in [disable, enable]>
           block-message: <value in [disable, enable]>
           block-notify: <value in [disable, enable]>
           block-options: <value in [disable, enable]>
           block-prack: <value in [disable, enable]>
           block-publish: <value in [disable, enable]>
           block-refer: <value in [disable, enable]>
           block-register: <value in [disable, enable]>
           block-subscribe: <value in [disable, enable]>
           block-unknown: <value in [disable, enable]>
           block-update: <value in [disable, enable]>
           bye-rate: <value of integer>
           call-keepalive: <value of integer>
           cancel-rate: <value of integer>
           contact-fixup: <value in [disable, enable]>
           hnt-restrict-source-ip: <value in [disable, enable]>
           hosted-nat-traversal: <value in [disable, enable]>
           info-rate: <value of integer>
           invite-rate: <value of integer>
           ips-rtp: <value in [disable, enable]>
           log-call-summary: <value in [disable, enable]>
           log-violations: <value in [disable, enable]>
           malformed-header-allow: <value in [pass, discard, respond]>
           malformed-header-call-id: <value in [pass, discard, respond]>
           malformed-header-contact: <value in [pass, discard, respond]>
           malformed-header-content-length: <value in [pass, discard, respond]>
           malformed-header-content-type: <value in [pass, discard, respond]>
           malformed-header-cseq: <value in [pass, discard, respond]>
           malformed-header-expires: <value in [pass, discard, respond]>
           malformed-header-from: <value in [pass, discard, respond]>
           malformed-header-max-forwards: <value in [pass, discard, respond]>
           malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
           malformed-header-rack: <value in [pass, discard, respond]>
           malformed-header-record-route: <value in [pass, discard, respond]>
           malformed-header-route: <value in [pass, discard, respond]>
           malformed-header-rseq: <value in [pass, discard, respond]>
           malformed-header-sdp-a: <value in [pass, discard, respond]>
           malformed-header-sdp-b: <value in [pass, discard, respond]>
           malformed-header-sdp-c: <value in [pass, discard, respond]>
           malformed-header-sdp-i: <value in [pass, discard, respond]>
           malformed-header-sdp-k: <value in [pass, discard, respond]>
           malformed-header-sdp-m: <value in [pass, discard, respond]>
           malformed-header-sdp-o: <value in [pass, discard, respond]>
           malformed-header-sdp-r: <value in [pass, discard, respond]>
           malformed-header-sdp-s: <value in [pass, discard, respond]>
           malformed-header-sdp-t: <value in [pass, discard, respond]>
           malformed-header-sdp-v: <value in [pass, discard, respond]>
           malformed-header-sdp-z: <value in [pass, discard, respond]>
           malformed-header-to: <value in [pass, discard, respond]>
           malformed-header-via: <value in [pass, discard, respond]>
           malformed-request-line: <value in [pass, discard, respond]>
           max-body-length: <value of integer>
           max-dialogs: <value of integer>
           max-idle-dialogs: <value of integer>
           max-line-length: <value of integer>
           message-rate: <value of integer>
           nat-trace: <value in [disable, enable]>
           no-sdp-fixup: <value in [disable, enable]>
           notify-rate: <value of integer>
           open-contact-pinhole: <value in [disable, enable]>
           open-record-route-pinhole: <value in [disable, enable]>
           open-register-pinhole: <value in [disable, enable]>
           open-via-pinhole: <value in [disable, enable]>
           options-rate: <value of integer>
           prack-rate: <value of integer>
           preserve-override: <value in [disable, enable]>
           provisional-invite-expiry-time: <value of integer>
           publish-rate: <value of integer>
           refer-rate: <value of integer>
           register-contact-trace: <value in [disable, enable]>
           register-rate: <value of integer>
           rfc2543-branch: <value in [disable, enable]>
           rtp: <value in [disable, enable]>
           ssl-algorithm: <value in [high, medium, low]>
           ssl-auth-client: <value of string>
           ssl-auth-server: <value of string>
           ssl-client-certificate: <value of string>
           ssl-client-renegotiation: <value in [allow, deny, secure]>
           ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-mode: <value in [off, full]>
           ssl-pfs: <value in [require, deny, allow]>
           ssl-send-empty-frags: <value in [disable, enable]>
           ssl-server-certificate: <value of string>
           status: <value in [disable, enable]>
           strict-register: <value in [disable, enable]>
           subscribe-rate: <value of integer>
           unknown-header: <value in [pass, discard, respond]>
           update-rate: <value of integer>
           nat-port-range: <value of string>
           ack-rate-track: <value in [none, src-ip, dest-ip]>
           bye-rate-track: <value in [none, src-ip, dest-ip]>
           cancel-rate-track: <value in [none, src-ip, dest-ip]>
           info-rate-track: <value in [none, src-ip, dest-ip]>
           invite-rate-track: <value in [none, src-ip, dest-ip]>
           malformed-header-no-proxy-require: <value in [pass, discard, respond]>
           malformed-header-no-require: <value in [pass, discard, respond]>
           message-rate-track: <value in [none, src-ip, dest-ip]>
           notify-rate-track: <value in [none, src-ip, dest-ip]>
           options-rate-track: <value in [none, src-ip, dest-ip]>
           prack-rate-track: <value in [none, src-ip, dest-ip]>
           publish-rate-track: <value in [none, src-ip, dest-ip]>
           refer-rate-track: <value in [none, src-ip, dest-ip]>
           register-rate-track: <value in [none, src-ip, dest-ip]>
           subscribe-rate-track: <value in [none, src-ip, dest-ip]>
           update-rate-track: <value in [none, src-ip, dest-ip]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)