fortinet.fortimanager.fmgr_voip_profile_sip – SIP.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| adom
string / required
|
the parameter (adom) in requested url
|
||
| bypass_validation
boolean
|
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
|
|
| profile
string / required
|
the parameter (profile) in requested url
|
||
| rc_failed
list / elements=string
|
the rc codes list with which the conditions to fail will be overriden
|
||
| rc_succeeded
list / elements=string
|
the rc codes list with which the conditions to succeed will be overriden
|
||
| state
string / required
|
|
the directive to create, update or delete an object
|
|
| voip_profile_sip
dictionary
|
the top level parameters set
|
||
| ack-rate
integer
|
ACK request rate limit (per second, per policy).
|
||
| block-ack
string
|
|
Enable/disable block ACK requests.
|
|
| block-bye
string
|
|
Enable/disable block BYE requests.
|
|
| block-cancel
string
|
|
Enable/disable block CANCEL requests.
|
|
| block-geo-red-options
string
|
|
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
|
|
| block-info
string
|
|
Enable/disable block INFO requests.
|
|
| block-invite
string
|
|
Enable/disable block INVITE requests.
|
|
| block-long-lines
string
|
|
Enable/disable block requests with headers exceeding max-line-length.
|
|
| block-message
string
|
|
Enable/disable block MESSAGE requests.
|
|
| block-notify
string
|
|
Enable/disable block NOTIFY requests.
|
|
| block-options
string
|
|
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
|
|
| block-prack
string
|
|
Enable/disable block prack requests.
|
|
| block-publish
string
|
|
Enable/disable block PUBLISH requests.
|
|
| block-refer
string
|
|
Enable/disable block REFER requests.
|
|
| block-register
string
|
|
Enable/disable block REGISTER requests.
|
|
| block-subscribe
string
|
|
Enable/disable block SUBSCRIBE requests.
|
|
| block-unknown
string
|
|
Block unrecognized SIP requests (enabled by default).
|
|
| block-update
string
|
|
Enable/disable block UPDATE requests.
|
|
| bye-rate
integer
|
BYE request rate limit (per second, per policy).
|
||
| call-keepalive
integer
|
Continue tracking calls with no RTP for this many minutes.
|
||
| cancel-rate
integer
|
CANCEL request rate limit (per second, per policy).
|
||
| contact-fixup
string
|
|
Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port.
|
|
| hnt-restrict-source-ip
string
|
|
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
|
|
| hosted-nat-traversal
string
|
|
Hosted NAT Traversal (HNT).
|
|
| info-rate
integer
|
INFO request rate limit (per second, per policy).
|
||
| invite-rate
integer
|
INVITE request rate limit (per second, per policy).
|
||
| ips-rtp
string
|
|
Enable/disable allow IPS on RTP.
|
|
| log-call-summary
string
|
|
Enable/disable logging of SIP call summary.
|
|
| log-violations
string
|
|
Enable/disable logging of SIP violations.
|
|
| malformed-header-allow
string
|
|
Action for malformed Allow header.
|
|
| malformed-header-call-id
string
|
|
Action for malformed Call-ID header.
|
|
| malformed-header-contact
string
|
|
Action for malformed Contact header.
|
|
| malformed-header-content-length
string
|
|
Action for malformed Content-Length header.
|
|
| malformed-header-content-type
string
|
|
Action for malformed Content-Type header.
|
|
| malformed-header-cseq
string
|
|
Action for malformed CSeq header.
|
|
| malformed-header-expires
string
|
|
Action for malformed Expires header.
|
|
| malformed-header-from
string
|
|
Action for malformed From header.
|
|
| malformed-header-max-forwards
string
|
|
Action for malformed Max-Forwards header.
|
|
| malformed-header-p-asserted-identity
string
|
|
Action for malformed P-Asserted-Identity header.
|
|
| malformed-header-rack
string
|
|
Action for malformed RAck header.
|
|
| malformed-header-record-route
string
|
|
Action for malformed Record-Route header.
|
|
| malformed-header-route
string
|
|
Action for malformed Route header.
|
|
| malformed-header-rseq
string
|
|
Action for malformed RSeq header.
|
|
| malformed-header-sdp-a
string
|
|
Action for malformed SDP a line.
|
|
| malformed-header-sdp-b
string
|
|
Action for malformed SDP b line.
|
|
| malformed-header-sdp-c
string
|
|
Action for malformed SDP c line.
|
|
| malformed-header-sdp-i
string
|
|
Action for malformed SDP i line.
|
|
| malformed-header-sdp-k
string
|
|
Action for malformed SDP k line.
|
|
| malformed-header-sdp-m
string
|
|
Action for malformed SDP m line.
|
|
| malformed-header-sdp-o
string
|
|
Action for malformed SDP o line.
|
|
| malformed-header-sdp-r
string
|
|
Action for malformed SDP r line.
|
|
| malformed-header-sdp-s
string
|
|
Action for malformed SDP s line.
|
|
| malformed-header-sdp-t
string
|
|
Action for malformed SDP t line.
|
|
| malformed-header-sdp-v
string
|
|
Action for malformed SDP v line.
|
|
| malformed-header-sdp-z
string
|
|
Action for malformed SDP z line.
|
|
| malformed-header-to
string
|
|
Action for malformed To header.
|
|
| malformed-header-via
string
|
|
Action for malformed VIA header.
|
|
| malformed-request-line
string
|
|
Action for malformed request line.
|
|
| max-body-length
integer
|
Maximum SIP message body length (0 meaning no limit).
|
||
| max-dialogs
integer
|
Maximum number of concurrent calls/dialogs (per policy).
|
||
| max-idle-dialogs
integer
|
Maximum number established but idle dialogs to retain (per policy).
|
||
| max-line-length
integer
|
Maximum SIP header line length (78-4096).
|
||
| message-rate
integer
|
MESSAGE request rate limit (per second, per policy).
|
||
| nat-trace
string
|
|
Enable/disable preservation of original IP in SDP i line.
|
|
| no-sdp-fixup
string
|
|
Enable/disable no SDP fix-up.
|
|
| notify-rate
integer
|
NOTIFY request rate limit (per second, per policy).
|
||
| open-contact-pinhole
string
|
|
Enable/disable open pinhole for non-REGISTER Contact port.
|
|
| open-record-route-pinhole
string
|
|
Enable/disable open pinhole for Record-Route port.
|
|
| open-register-pinhole
string
|
|
Enable/disable open pinhole for REGISTER Contact port.
|
|
| open-via-pinhole
string
|
|
Enable/disable open pinhole for Via port.
|
|
| options-rate
integer
|
OPTIONS request rate limit (per second, per policy).
|
||
| prack-rate
integer
|
PRACK request rate limit (per second, per policy).
|
||
| preserve-override
string
|
|
Override i line to preserve original IPS (default: append).
|
|
| provisional-invite-expiry-time
integer
|
Expiry time for provisional INVITE (10 - 3600 sec).
|
||
| publish-rate
integer
|
PUBLISH request rate limit (per second, per policy).
|
||
| refer-rate
integer
|
REFER request rate limit (per second, per policy).
|
||
| register-contact-trace
string
|
|
Enable/disable trace original IP/port within the contact header of REGISTER requests.
|
|
| register-rate
integer
|
REGISTER request rate limit (per second, per policy).
|
||
| rfc2543-branch
string
|
|
Enable/disable support via branch compliant with RFC 2543.
|
|
| rtp
string
|
|
Enable/disable create pinholes for RTP traffic to traverse firewall.
|
|
| ssl-algorithm
string
|
|
Relative strength of encryption algorithms accepted in negotiation.
|
|
| ssl-auth-client
string
|
Require a client certificate and authenticate it with the peer/peergrp.
|
||
| ssl-auth-server
string
|
Authenticate the servers certificate with the peer/peergrp.
|
||
| ssl-client-certificate
string
|
Name of Certificate to offer to server if requested.
|
||
| ssl-client-renegotiation
string
|
|
Allow/block client renegotiation by server.
|
|
| ssl-max-version
string
|
|
Highest SSL/TLS version to negotiate.
|
|
| ssl-min-version
string
|
|
Lowest SSL/TLS version to negotiate.
|
|
| ssl-mode
string
|
|
SSL/TLS mode for encryption & decryption of traffic.
|
|
| ssl-pfs
string
|
|
SSL Perfect Forward Secrecy.
|
|
| ssl-send-empty-frags
string
|
|
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
|
|
| ssl-server-certificate
string
|
Name of Certificate return to the client in every SSL connection.
|
||
| status
string
|
|
Enable/disable SIP.
|
|
| strict-register
string
|
|
Enable/disable only allow the registrar to connect.
|
|
| subscribe-rate
integer
|
SUBSCRIBE request rate limit (per second, per policy).
|
||
| unknown-header
string
|
|
Action for unknown SIP header.
|
|
| update-rate
integer
|
UPDATE request rate limit (per second, per policy).
|
||
| workspace_locking_adom
string
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
|
||
| workspace_locking_timeout
integer
|
Default:
300
|
the maximum time in seconds to wait for other user to release the workspace lock
|
|
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: SIP.
fmgr_voip_profile_sip:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack-rate: <value of integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <value of integer>
call-keepalive: <value of integer>
cancel-rate: <value of integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <value of integer>
invite-rate: <value of integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <value of integer>
max-dialogs: <value of integer>
max-idle-dialogs: <value of integer>
max-line-length: <value of integer>
message-rate: <value of integer>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <value of integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <value of integer>
prack-rate: <value of integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <value of integer>
publish-rate: <value of integer>
refer-rate: <value of integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <value of integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <value of string>
ssl-auth-server: <value of string>
ssl-client-certificate: <value of string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <value of string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <value of integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <value of integer>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url
string
|
always |
The full url requested
Sample:
/sys/login/user
|
| response_code
integer
|
always |
The status of api request
|
| response_message
string
|
always |
The descriptive message of the api response
Sample:
OK.
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_voip_profile_sip_module.html