fortinet.fortios.fortios_firewall_gtp – Configure GTP in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_firewall_gtp.

New in version 2.10: of fortinet.fortios

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from GUI of Fortigate.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task.
firewall_gtp
dictionary
Configure GTP.
addr_notify
string
overbilling notify address
apn
list / elements=string
APN.
action
string
    Choices:
  • allow
  • deny
Action.
apnmember
list / elements=string
APN member.
name
string / required
APN name. Source gtp.apn.name gtp.apngrp.name.
id
integer / required
ID.
selection_mode
list / elements=string
    Choices:
  • ms
  • net
  • vrf
APN selection mode.
apn_filter
string
    Choices:
  • enable
  • disable
apn filter
authorized_ggsns
string
Authorized GGSN group Source firewall.address.name firewall.addrgrp.name.
authorized_ggsns6
string
Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
authorized_sgsns
string
Authorized SGSN group Source firewall.address.name firewall.addrgrp.name.
authorized_sgsns6
string
Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
comment
string
Comment.
context_id
integer
Overbilling context.
control_plane_message_rate_limit
integer
control plane message rate limit
default_apn_action
string
    Choices:
  • allow
  • deny
default apn action
default_imsi_action
string
    Choices:
  • allow
  • deny
default imsi action
default_ip_action
string
    Choices:
  • allow
  • deny
default action for encapsulated IP traffic
default_noip_action
string
    Choices:
  • allow
  • deny
default action for encapsulated non-IP traffic
default_policy_action
string
    Choices:
  • allow
  • deny
default advanced policy action
denied_log
string
    Choices:
  • enable
  • disable
log denied
echo_request_interval
integer
echo request interval (in seconds)
extension_log
string
    Choices:
  • enable
  • disable
log in extension format
forwarded_log
string
    Choices:
  • enable
  • disable
log forwarded
global_tunnel_limit
string
Global tunnel limit. Source gtp.tunnel-limit.name.
gtp_in_gtp
string
    Choices:
  • allow
  • deny
gtp in gtp
gtpu_denied_log
string
    Choices:
  • enable
  • disable
Enable/disable logging of denied GTP-U packets.
gtpu_forwarded_log
string
    Choices:
  • enable
  • disable
Enable/disable logging of forwarded GTP-U packets.
gtpu_log_freq
integer
Logging of frequency of GTP-U packets.
half_close_timeout
integer
Half-close tunnel timeout (in seconds).
half_open_timeout
integer
Half-open tunnel timeout (in seconds).
handover_group
string
Handover SGSN group Source firewall.address.name firewall.addrgrp.name.
handover_group6
string
Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
ie_allow_list_v0v1
string
IE allow list. Source gtp.ie-allow-list.name.
ie_allow_list_v2
string
IE allow list. Source gtp.ie-allow-list.name.
ie_remove_policy
list / elements=string
IE remove policy.
id
integer / required
ID.
remove_ies
string
    Choices:
  • apn-restriction
  • rat-type
  • rai
  • uli
  • imei
GTP IEs to be removed.
sgsn_addr
string
SGSN address name. Source firewall.address.name firewall.addrgrp.name.
sgsn_addr6
string
SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
ie_remover
string
    Choices:
  • enable
  • disable
IE removal policy.
ie_validation
dictionary
IE validation.
apn_restriction
string
    Choices:
  • enable
  • disable
Validate APN restriction.
charging_gateway_addr
string
    Choices:
  • enable
  • disable
Validate charging gateway address.
charging_ID
string
    Choices:
  • enable
  • disable
Validate charging ID.
end_user_addr
string
    Choices:
  • enable
  • disable
Validate end user address.
gsn_addr
string
    Choices:
  • enable
  • disable
Validate GSN address.
imei
string
    Choices:
  • enable
  • disable
Validate IMEI(SV).
imsi
string
    Choices:
  • enable
  • disable
Validate IMSI.
mm_context
string
    Choices:
  • enable
  • disable
Validate MM context.
ms_tzone
string
    Choices:
  • enable
  • disable
Validate MS time zone.
ms_validated
string
    Choices:
  • enable
  • disable
Validate MS validated.
msisdn
string
    Choices:
  • enable
  • disable
Validate MSISDN.
nsapi
string
    Choices:
  • enable
  • disable
Validate NSAPI.
pdp_context
string
    Choices:
  • enable
  • disable
Validate PDP context.
qos_profile
string
    Choices:
  • enable
  • disable
Validate Quality of Service(QoS) profile.
rai
string
    Choices:
  • enable
  • disable
Validate RAI.
rat_type
string
    Choices:
  • enable
  • disable
Validate RAT type.
reordering_required
string
    Choices:
  • enable
  • disable
Validate re-ordering required.
selection_mode
string
    Choices:
  • enable
  • disable
Validate selection mode.
uli
string
    Choices:
  • enable
  • disable
Validate user location information.
ie_white_list_v0v1
string
IE white list. Source gtp.ie-white-list.name.
ie_white_list_v2
string
IE white list. Source gtp.ie-white-list.name.
imsi
list / elements=string
IMSI.
action
string
    Choices:
  • allow
  • deny
Action.
apnmember
list / elements=string
APN member.
name
string / required
APN name. Source gtp.apn.name gtp.apngrp.name.
id
integer / required
ID.
mcc_mnc
string
MCC MNC.
msisdn_prefix
string
MSISDN prefix.
selection_mode
list / elements=string
    Choices:
  • ms
  • net
  • vrf
APN selection mode.
imsi_filter
string
    Choices:
  • enable
  • disable
imsi filter
interface_notify
string
overbilling interface Source system.interface.name.
invalid_reserved_field
string
    Choices:
  • allow
  • deny
Invalid reserved field in GTP header
invalid_sgsns6_to_log
string
Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name.
invalid_sgsns_to_log
string
Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name.
ip_filter
string
    Choices:
  • enable
  • disable
IP filter for encapsulted traffic
ip_policy
list / elements=string
IP policy.
action
string
    Choices:
  • allow
  • deny
Action.
dstaddr
string
Destination address name. Source firewall.address.name firewall.addrgrp.name.
dstaddr6
string
Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
id
integer / required
ID.
srcaddr
string
Source address name. Source firewall.address.name firewall.addrgrp.name.
srcaddr6
string
Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
log_freq
integer
Logging of frequency of GTP-C packets.
log_gtpu_limit
integer
the user data log limit (0-512 bytes)
log_imsi_prefix
string
IMSI prefix for selective logging.
log_msisdn_prefix
string
the msisdn prefix for selective logging
max_message_length
integer
max message length
message_filter_v0v1
string
Message filter. Source gtp.message-filter-v0v1.name.
message_filter_v2
string
Message filter. Source gtp.message-filter-v2.name.
message_rate_limit
dictionary
Message rate limiting.
create_aa_pdp_request
integer
Rate limit for create AA PDP context request (packets per second).
create_aa_pdp_response
integer
Rate limit for create AA PDP context response (packets per second).
create_mbms_request
integer
Rate limit for create MBMS context request (packets per second).
create_mbms_response
integer
Rate limit for create MBMS context response (packets per second).
create_pdp_request
integer
Rate limit for create PDP context request (packets per second).
create_pdp_response
integer
Rate limit for create PDP context response (packets per second).
delete_aa_pdp_request
integer
Rate limit for delete AA PDP context request (packets per second).
delete_aa_pdp_response
integer
Rate limit for delete AA PDP context response (packets per second).
delete_mbms_request
integer
Rate limit for delete MBMS context request (packets per second).
delete_mbms_response
integer
Rate limit for delete MBMS context response (packets per second).
delete_pdp_request
integer
Rate limit for delete PDP context request (packets per second).
delete_pdp_response
integer
Rate limit for delete PDP context response (packets per second).
echo_reponse
integer
Rate limit for echo response (packets per second).
echo_request
integer
Rate limit for echo requests (packets per second).
error_indication
integer
Rate limit for error indication (packets per second).
failure_report_request
integer
Rate limit for failure report request (packets per second).
failure_report_response
integer
Rate limit for failure report response (packets per second).
fwd_reloc_complete_ack
integer
Rate limit for forward relocation complete acknowledge (packets per second).
fwd_relocation_complete
integer
Rate limit for forward relocation complete (packets per second).
fwd_relocation_request
integer
Rate limit for forward relocation request (packets per second).
fwd_relocation_response
integer
Rate limit for forward relocation response (packets per second).
fwd_srns_context
integer
Rate limit for forward SRNS context (packets per second).
fwd_srns_context_ack
integer
Rate limit for forward SRNS context acknowledge (packets per second).
g_pdu
integer
Rate limit for G-PDU (packets per second).
identification_request
integer
Rate limit for identification request (packets per second).
identification_response
integer
Rate limit for identification response (packets per second).
mbms_de_reg_request
integer
Rate limit for MBMS de-registration request (packets per second).
mbms_de_reg_response
integer
Rate limit for MBMS de-registration response (packets per second).
mbms_notify_rej_request
integer
Rate limit for MBMS notification reject request (packets per second).
mbms_notify_rej_response
integer
Rate limit for MBMS notification reject response (packets per second).
mbms_notify_request
integer
Rate limit for MBMS notification request (packets per second).
mbms_notify_response
integer
Rate limit for MBMS notification response (packets per second).
mbms_reg_request
integer
Rate limit for MBMS registration request (packets per second).
mbms_reg_response
integer
Rate limit for MBMS registration response (packets per second).
mbms_ses_start_request
integer
Rate limit for MBMS session start request (packets per second).
mbms_ses_start_response
integer
Rate limit for MBMS session start response (packets per second).
mbms_ses_stop_request
integer
Rate limit for MBMS session stop request (packets per second).
mbms_ses_stop_response
integer
Rate limit for MBMS session stop response (packets per second).
note_ms_request
integer
Rate limit for note MS GPRS present request (packets per second).
note_ms_response
integer
Rate limit for note MS GPRS present response (packets per second).
pdu_notify_rej_request
integer
Rate limit for PDU notify reject request (packets per second).
pdu_notify_rej_response
integer
Rate limit for PDU notify reject response (packets per second).
pdu_notify_request
integer
Rate limit for PDU notify request (packets per second).
pdu_notify_response
integer
Rate limit for PDU notify response (packets per second).
ran_info
integer
Rate limit for RAN information relay (packets per second).
relocation_cancel_request
integer
Rate limit for relocation cancel request (packets per second).
relocation_cancel_response
integer
Rate limit for relocation cancel response (packets per second).
send_route_request
integer
Rate limit for send routing information for GPRS request (packets per second).
send_route_response
integer
Rate limit for send routing information for GPRS response (packets per second).
sgsn_context_ack
integer
Rate limit for SGSN context acknowledgement (packets per second).
sgsn_context_request
integer
Rate limit for SGSN context request (packets per second).
sgsn_context_response
integer
Rate limit for SGSN context response (packets per second).
support_ext_hdr_notify
integer
Rate limit for support extension headers notification (packets per second).
update_mbms_request
integer
Rate limit for update MBMS context request (packets per second).
update_mbms_response
integer
Rate limit for update MBMS context response (packets per second).
update_pdp_request
integer
Rate limit for update PDP context request (packets per second).
update_pdp_response
integer
Rate limit for update PDP context response (packets per second).
version_not_support
integer
Rate limit for version not supported (packets per second).
message_rate_limit_v0
dictionary
Message rate limiting for GTP version 0.
create_pdp_request
integer
Rate limit (packets/s) for create PDP context request.
delete_pdp_request
integer
Rate limit (packets/s) for delete PDP context request.
echo_request
integer
Rate limit (packets/s) for echo request.
message_rate_limit_v1
dictionary
Message rate limiting for GTP version 1.
create_pdp_request
integer
Rate limit (packets/s) for create PDP context request.
delete_pdp_request
integer
Rate limit (packets/s) for delete PDP context request.
echo_request
integer
Rate limit (packets/s) for echo request.
message_rate_limit_v2
dictionary
Message rate limiting for GTP version 2.
create_session_request
integer
Rate limit (packets/s) for create session request.
delete_session_request
integer
Rate limit (packets/s) for delete session request.
echo_request
integer
Rate limit (packets/s) for echo request.
min_message_length
integer
min message length
miss_must_ie
string
    Choices:
  • allow
  • deny
Missing mandatory information element
monitor_mode
string
    Choices:
  • enable
  • disable
  • vdom
GTP monitor mode
name
string / required
Profile name.
noip_filter
string
    Choices:
  • enable
  • disable
non-IP filter for encapsulted traffic
noip_policy
list / elements=string
No IP policy.
action
string
    Choices:
  • allow
  • deny
Action.
end
integer
End of protocol range (0 - 255).
id
integer / required
ID.
start
integer
Start of protocol range (0 - 255).
type
string
    Choices:
  • etsi
  • ietf
Protocol field type.
out_of_state_ie
string
    Choices:
  • allow
  • deny
Out of state information element.
out_of_state_message
string
    Choices:
  • allow
  • deny
Out of state GTP message
per_apn_shaper
list / elements=string
Per APN shaper.
apn
string
APN name. Source gtp.apn.name.
id
integer / required
ID.
rate_limit
integer
Rate limit (packets/s) for create PDP context request.
version
integer
GTP version number: 0 or 1.
policy
list / elements=string
Policy.
action
string
    Choices:
  • allow
  • deny
Action.
apn_sel_mode
list / elements=string
    Choices:
  • ms
  • net
  • vrf
APN selection mode.
apnmember
list / elements=string
APN member.
name
string / required
APN name. Source gtp.apn.name gtp.apngrp.name.
id
integer / required
ID.
imei
string
IMEI(SV) pattern.
imsi
string
IMSI prefix.
imsi_prefix
string
IMSI prefix.
max_apn_restriction
string
    Choices:
  • all
  • public-1
  • public-2
  • private-1
  • private-2
Maximum APN restriction value.
messages
list / elements=string
    Choices:
  • create-req
  • create-res
  • update-req
  • update-res
GTP messages.
msisdn
string
MSISDN prefix.
msisdn_prefix
string
MSISDN prefix.
rai
string
RAI pattern.
rat_type
list / elements=string
    Choices:
  • any
  • utran
  • geran
  • wlan
  • gan
  • hspa
  • eutran
  • virtual
  • nbiot
RAT Type.
uli
string
ULI pattern.
policy_filter
string
    Choices:
  • enable
  • disable
Advanced policy filter
policy_v2
list / elements=string
Apply allow or deny action to each GTPv2-c packet.
action
string
    Choices:
  • allow
  • deny
Action.
apn_sel_mode
string
    Choices:
  • ms
  • net
  • vrf
APN selection mode.
apnmember
list / elements=string
APN member.
name
string / required
APN name. Source gtp.apn.name gtp.apngrp.name.
id
integer / required
ID.
imsi_prefix
string
IMSI prefix.
max_apn_restriction
string
    Choices:
  • all
  • public-1
  • public-2
  • private-1
  • private-2
Maximum APN restriction value.
mei
string
MEI pattern.
messages
string
    Choices:
  • create-ses-req
  • create-ses-res
  • modify-bearer-req
  • modify-bearer-res
GTP messages.
msisdn_prefix
string
MSISDN prefix.
rat_type
string
    Choices:
  • any
  • utran
  • geran
  • wlan
  • gan
  • hspa
  • eutran
  • virtual
  • nbiot
  • ltem
  • nr
RAT Type.
uli
string
GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI).
port_notify
integer
overbilling notify port
rate_limit_mode
string
    Choices:
  • per-profile
  • per-stream
  • per-apn
GTP rate limit mode.
rate_limited_log
string
    Choices:
  • enable
  • disable
log rate limited
rate_sampling_interval
integer
rate sampling interval (1-3600 seconds)
remove_if_echo_expires
string
    Choices:
  • enable
  • disable
remove if echo response expires
remove_if_recovery_differ
string
    Choices:
  • enable
  • disable
remove upon different Recovery IE
reserved_ie
string
    Choices:
  • allow
  • deny
reserved information element
send_delete_when_timeout
string
    Choices:
  • enable
  • disable
send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.
send_delete_when_timeout_v2
string
    Choices:
  • enable
  • disable
send DELETE request to path endpoints when GTPv2 tunnel timeout.
spoof_src_addr
string
    Choices:
  • allow
  • deny
Spoofed source address for Mobile Station.
state_invalid_log
string
    Choices:
  • enable
  • disable
log state invalid
sub_second_interval
string
    Choices:
  • 0.5
  • 0.25
  • 0.1
Sub-second interval (0.1, 0.25, or 0.5 sec).
sub_second_sampling
string
    Choices:
  • enable
  • disable
Enable/disable sub-second sampling.
traffic_count_log
string
    Choices:
  • enable
  • disable
log tunnel traffic counter
tunnel_limit
integer
tunnel limit
tunnel_limit_log
string
    Choices:
  • enable
  • disable
tunnel limit
tunnel_timeout
integer
Established tunnel timeout (in seconds).
unknown_version_action
string
    Choices:
  • allow
  • deny
action for unknown gtp version
user_plane_message_rate_limit
integer
user plane message rate limit
warning_threshold
integer
Warning threshold for rate limiting (0 - 99 percent).
state
string / required
    Choices:
  • present
  • absent
Indicates whether to create or remove the object.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure GTP.
    fortios_firewall_gtp:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_gtp:
        addr_notify: "<your_own_value>"
        apn:
         -
            action: "allow"
            apnmember:
             -
                name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)"
            id:  "8"
            selection_mode: "ms"
        apn_filter: "enable"
        authorized_ggsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        authorized_ggsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        authorized_sgsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        authorized_sgsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        comment: "Comment."
        context_id: "16"
        control_plane_message_rate_limit: "17"
        default_apn_action: "allow"
        default_imsi_action: "allow"
        default_ip_action: "allow"
        default_noip_action: "allow"
        default_policy_action: "allow"
        denied_log: "enable"
        echo_request_interval: "24"
        extension_log: "enable"
        forwarded_log: "enable"
        global_tunnel_limit: "<your_own_value> (source gtp.tunnel-limit.name)"
        gtp_in_gtp: "allow"
        gtpu_denied_log: "enable"
        gtpu_forwarded_log: "enable"
        gtpu_log_freq: "31"
        half_close_timeout: "32"
        half_open_timeout: "33"
        handover_group: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        handover_group6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ie_allow_list_v0v1: "<your_own_value> (source gtp.ie-allow-list.name)"
        ie_allow_list_v2: "<your_own_value> (source gtp.ie-allow-list.name)"
        ie_remove_policy:
         -
            id:  "39"
            remove_ies: "apn-restriction"
            sgsn_addr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            sgsn_addr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ie_remover: "enable"
        ie_validation:
            apn_restriction: "enable"
            charging_gateway_addr: "enable"
            charging_ID: "enable"
            end_user_addr: "enable"
            gsn_addr: "enable"
            imei: "enable"
            imsi: "enable"
            mm_context: "enable"
            ms_tzone: "enable"
            ms_validated: "enable"
            msisdn: "enable"
            nsapi: "enable"
            pdp_context: "enable"
            qos_profile: "enable"
            rai: "enable"
            rat_type: "enable"
            reordering_required: "enable"
            selection_mode: "enable"
            uli: "enable"
        ie_white_list_v0v1: "<your_own_value> (source gtp.ie-white-list.name)"
        ie_white_list_v2: "<your_own_value> (source gtp.ie-white-list.name)"
        imsi:
         -
            action: "allow"
            apnmember:
             -
                name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)"
            id:  "70"
            mcc_mnc: "<your_own_value>"
            msisdn_prefix: "<your_own_value>"
            selection_mode: "ms"
        imsi_filter: "enable"
        interface_notify: "<your_own_value> (source system.interface.name)"
        invalid_reserved_field: "allow"
        invalid_sgsns_to_log: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        invalid_sgsns6_to_log: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ip_filter: "enable"
        ip_policy:
         -
            action: "allow"
            dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            dstaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
            id:  "84"
            srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            srcaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        log_freq: "87"
        log_gtpu_limit: "88"
        log_imsi_prefix: "<your_own_value>"
        log_msisdn_prefix: "<your_own_value>"
        max_message_length: "91"
        message_filter_v0v1: "<your_own_value> (source gtp.message-filter-v0v1.name)"
        message_filter_v2: "<your_own_value> (source gtp.message-filter-v2.name)"
        message_rate_limit:
            create_aa_pdp_request: "95"
            create_aa_pdp_response: "96"
            create_mbms_request: "97"
            create_mbms_response: "98"
            create_pdp_request: "99"
            create_pdp_response: "100"
            delete_aa_pdp_request: "101"
            delete_aa_pdp_response: "102"
            delete_mbms_request: "103"
            delete_mbms_response: "104"
            delete_pdp_request: "105"
            delete_pdp_response: "106"
            echo_reponse: "107"
            echo_request: "108"
            error_indication: "109"
            failure_report_request: "110"
            failure_report_response: "111"
            fwd_reloc_complete_ack: "112"
            fwd_relocation_complete: "113"
            fwd_relocation_request: "114"
            fwd_relocation_response: "115"
            fwd_srns_context: "116"
            fwd_srns_context_ack: "117"
            g_pdu: "118"
            identification_request: "119"
            identification_response: "120"
            mbms_de_reg_request: "121"
            mbms_de_reg_response: "122"
            mbms_notify_rej_request: "123"
            mbms_notify_rej_response: "124"
            mbms_notify_request: "125"
            mbms_notify_response: "126"
            mbms_reg_request: "127"
            mbms_reg_response: "128"
            mbms_ses_start_request: "129"
            mbms_ses_start_response: "130"
            mbms_ses_stop_request: "131"
            mbms_ses_stop_response: "132"
            note_ms_request: "133"
            note_ms_response: "134"
            pdu_notify_rej_request: "135"
            pdu_notify_rej_response: "136"
            pdu_notify_request: "137"
            pdu_notify_response: "138"
            ran_info: "139"
            relocation_cancel_request: "140"
            relocation_cancel_response: "141"
            send_route_request: "142"
            send_route_response: "143"
            sgsn_context_ack: "144"
            sgsn_context_request: "145"
            sgsn_context_response: "146"
            support_ext_hdr_notify: "147"
            update_mbms_request: "148"
            update_mbms_response: "149"
            update_pdp_request: "150"
            update_pdp_response: "151"
            version_not_support: "152"
        message_rate_limit_v0:
            create_pdp_request: "154"
            delete_pdp_request: "155"
            echo_request: "156"
        message_rate_limit_v1:
            create_pdp_request: "158"
            delete_pdp_request: "159"
            echo_request: "160"
        message_rate_limit_v2:
            create_session_request: "162"
            delete_session_request: "163"
            echo_request: "164"
        min_message_length: "165"
        miss_must_ie: "allow"
        monitor_mode: "enable"
        name: "default_name_168"
        noip_filter: "enable"
        noip_policy:
         -
            action: "allow"
            end: "172"
            id:  "173"
            start: "174"
            type: "etsi"
        out_of_state_ie: "allow"
        out_of_state_message: "allow"
        per_apn_shaper:
         -
            apn: "<your_own_value> (source gtp.apn.name)"
            id:  "180"
            rate_limit: "181"
            version: "182"
        policy:
         -
            action: "allow"
            apn_sel_mode: "ms"
            apnmember:
             -
                name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)"
            id:  "188"
            imei: "<your_own_value>"
            imsi: "<your_own_value>"
            imsi_prefix: "<your_own_value>"
            max_apn_restriction: "all"
            messages: "create-req"
            msisdn: "<your_own_value>"
            msisdn_prefix: "<your_own_value>"
            rai: "<your_own_value>"
            rat_type: "any"
            uli: "<your_own_value>"
        policy_filter: "enable"
        policy_v2:
         -
            action: "allow"
            apn_sel_mode: "ms"
            apnmember:
             -
                name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)"
            id:  "205"
            imsi_prefix: "<your_own_value>"
            max_apn_restriction: "all"
            mei: "<your_own_value>"
            messages: "create-ses-req"
            msisdn_prefix: "<your_own_value>"
            rat_type: "any"
            uli: "<your_own_value>"
        port_notify: "213"
        rate_limit_mode: "per-profile"
        rate_limited_log: "enable"
        rate_sampling_interval: "216"
        remove_if_echo_expires: "enable"
        remove_if_recovery_differ: "enable"
        reserved_ie: "allow"
        send_delete_when_timeout: "enable"
        send_delete_when_timeout_v2: "enable"
        spoof_src_addr: "allow"
        state_invalid_log: "enable"
        sub_second_interval: "0.5"
        sub_second_sampling: "enable"
        traffic_count_log: "enable"
        tunnel_limit: "227"
        tunnel_limit_log: "enable"
        tunnel_timeout: "229"
        unknown_version_action: "allow"
        user_plane_message_rate_limit: "231"
        warning_threshold: "232"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)