fortinet.fortimanager.fmgr_voip_profile_sip – SIP.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| adom
string / required
|
the parameter (adom) in requested url
|
||
| bypass_validation
boolean
|
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
|
|
| enable_log
boolean
|
|
Enable/Disable logging for task
|
|
| profile
string / required
|
the parameter (profile) in requested url
|
||
| proposed_method
string
|
|
The overridden method for the underlying Json RPC request
|
|
| rc_failed
list / elements=string
|
the rc codes list with which the conditions to fail will be overriden
|
||
| rc_succeeded
list / elements=string
|
the rc codes list with which the conditions to succeed will be overriden
|
||
| state
string / required
|
|
the directive to create, update or delete an object
|
|
| voip_profile_sip
dictionary
|
the top level parameters set
|
||
| ack-rate
integer
|
ACK request rate limit (per second, per policy).
|
||
| ack-rate-track
string
|
|
Track the packet protocol field.
|
|
| block-ack
string
|
|
Enable/disable block ACK requests.
|
|
| block-bye
string
|
|
Enable/disable block BYE requests.
|
|
| block-cancel
string
|
|
Enable/disable block CANCEL requests.
|
|
| block-geo-red-options
string
|
|
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
|
|
| block-info
string
|
|
Enable/disable block INFO requests.
|
|
| block-invite
string
|
|
Enable/disable block INVITE requests.
|
|
| block-long-lines
string
|
|
Enable/disable block requests with headers exceeding max-line-length.
|
|
| block-message
string
|
|
Enable/disable block MESSAGE requests.
|
|
| block-notify
string
|
|
Enable/disable block NOTIFY requests.
|
|
| block-options
string
|
|
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
|
|
| block-prack
string
|
|
Enable/disable block prack requests.
|
|
| block-publish
string
|
|
Enable/disable block PUBLISH requests.
|
|
| block-refer
string
|
|
Enable/disable block REFER requests.
|
|
| block-register
string
|
|
Enable/disable block REGISTER requests.
|
|
| block-subscribe
string
|
|
Enable/disable block SUBSCRIBE requests.
|
|
| block-unknown
string
|
|
Block unrecognized SIP requests (enabled by default).
|
|
| block-update
string
|
|
Enable/disable block UPDATE requests.
|
|
| bye-rate
integer
|
BYE request rate limit (per second, per policy).
|
||
| bye-rate-track
string
|
|
Track the packet protocol field.
|
|
| call-keepalive
integer
|
Continue tracking calls with no RTP for this many minutes.
|
||
| cancel-rate
integer
|
CANCEL request rate limit (per second, per policy).
|
||
| cancel-rate-track
string
|
|
Track the packet protocol field.
|
|
| contact-fixup
string
|
|
Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port.
|
|
| hnt-restrict-source-ip
string
|
|
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
|
|
| hosted-nat-traversal
string
|
|
Hosted NAT Traversal (HNT).
|
|
| info-rate
integer
|
INFO request rate limit (per second, per policy).
|
||
| info-rate-track
string
|
|
Track the packet protocol field.
|
|
| invite-rate
integer
|
INVITE request rate limit (per second, per policy).
|
||
| invite-rate-track
string
|
|
Track the packet protocol field.
|
|
| ips-rtp
string
|
|
Enable/disable allow IPS on RTP.
|
|
| log-call-summary
string
|
|
Enable/disable logging of SIP call summary.
|
|
| log-violations
string
|
|
Enable/disable logging of SIP violations.
|
|
| malformed-header-allow
string
|
|
Action for malformed Allow header.
|
|
| malformed-header-call-id
string
|
|
Action for malformed Call-ID header.
|
|
| malformed-header-contact
string
|
|
Action for malformed Contact header.
|
|
| malformed-header-content-length
string
|
|
Action for malformed Content-Length header.
|
|
| malformed-header-content-type
string
|
|
Action for malformed Content-Type header.
|
|
| malformed-header-cseq
string
|
|
Action for malformed CSeq header.
|
|
| malformed-header-expires
string
|
|
Action for malformed Expires header.
|
|
| malformed-header-from
string
|
|
Action for malformed From header.
|
|
| malformed-header-max-forwards
string
|
|
Action for malformed Max-Forwards header.
|
|
| malformed-header-no-proxy-require
string
|
|
Action for malformed SIP messages without Proxy-Require header.
|
|
| malformed-header-no-require
string
|
|
Action for malformed SIP messages without Require header.
|
|
| malformed-header-p-asserted-identity
string
|
|
Action for malformed P-Asserted-Identity header.
|
|
| malformed-header-rack
string
|
|
Action for malformed RAck header.
|
|
| malformed-header-record-route
string
|
|
Action for malformed Record-Route header.
|
|
| malformed-header-route
string
|
|
Action for malformed Route header.
|
|
| malformed-header-rseq
string
|
|
Action for malformed RSeq header.
|
|
| malformed-header-sdp-a
string
|
|
Action for malformed SDP a line.
|
|
| malformed-header-sdp-b
string
|
|
Action for malformed SDP b line.
|
|
| malformed-header-sdp-c
string
|
|
Action for malformed SDP c line.
|
|
| malformed-header-sdp-i
string
|
|
Action for malformed SDP i line.
|
|
| malformed-header-sdp-k
string
|
|
Action for malformed SDP k line.
|
|
| malformed-header-sdp-m
string
|
|
Action for malformed SDP m line.
|
|
| malformed-header-sdp-o
string
|
|
Action for malformed SDP o line.
|
|
| malformed-header-sdp-r
string
|
|
Action for malformed SDP r line.
|
|
| malformed-header-sdp-s
string
|
|
Action for malformed SDP s line.
|
|
| malformed-header-sdp-t
string
|
|
Action for malformed SDP t line.
|
|
| malformed-header-sdp-v
string
|
|
Action for malformed SDP v line.
|
|
| malformed-header-sdp-z
string
|
|
Action for malformed SDP z line.
|
|
| malformed-header-to
string
|
|
Action for malformed To header.
|
|
| malformed-header-via
string
|
|
Action for malformed VIA header.
|
|
| malformed-request-line
string
|
|
Action for malformed request line.
|
|
| max-body-length
integer
|
Maximum SIP message body length (0 meaning no limit).
|
||
| max-dialogs
integer
|
Maximum number of concurrent calls/dialogs (per policy).
|
||
| max-idle-dialogs
integer
|
Maximum number established but idle dialogs to retain (per policy).
|
||
| max-line-length
integer
|
Maximum SIP header line length (78-4096).
|
||
| message-rate
integer
|
MESSAGE request rate limit (per second, per policy).
|
||
| message-rate-track
string
|
|
Track the packet protocol field.
|
|
| nat-port-range
string
|
RTP NAT port range.
|
||
| nat-trace
string
|
|
Enable/disable preservation of original IP in SDP i line.
|
|
| no-sdp-fixup
string
|
|
Enable/disable no SDP fix-up.
|
|
| notify-rate
integer
|
NOTIFY request rate limit (per second, per policy).
|
||
| notify-rate-track
string
|
|
Track the packet protocol field.
|
|
| open-contact-pinhole
string
|
|
Enable/disable open pinhole for non-REGISTER Contact port.
|
|
| open-record-route-pinhole
string
|
|
Enable/disable open pinhole for Record-Route port.
|
|
| open-register-pinhole
string
|
|
Enable/disable open pinhole for REGISTER Contact port.
|
|
| open-via-pinhole
string
|
|
Enable/disable open pinhole for Via port.
|
|
| options-rate
integer
|
OPTIONS request rate limit (per second, per policy).
|
||
| options-rate-track
string
|
|
Track the packet protocol field.
|
|
| prack-rate
integer
|
PRACK request rate limit (per second, per policy).
|
||
| prack-rate-track
string
|
|
Track the packet protocol field.
|
|
| preserve-override
string
|
|
Override i line to preserve original IPS (default: append).
|
|
| provisional-invite-expiry-time
integer
|
Expiry time for provisional INVITE (10 - 3600 sec).
|
||
| publish-rate
integer
|
PUBLISH request rate limit (per second, per policy).
|
||
| publish-rate-track
string
|
|
Track the packet protocol field.
|
|
| refer-rate
integer
|
REFER request rate limit (per second, per policy).
|
||
| refer-rate-track
string
|
|
Track the packet protocol field.
|
|
| register-contact-trace
string
|
|
Enable/disable trace original IP/port within the contact header of REGISTER requests.
|
|
| register-rate
integer
|
REGISTER request rate limit (per second, per policy).
|
||
| register-rate-track
string
|
|
Track the packet protocol field.
|
|
| rfc2543-branch
string
|
|
Enable/disable support via branch compliant with RFC 2543.
|
|
| rtp
string
|
|
Enable/disable create pinholes for RTP traffic to traverse firewall.
|
|
| ssl-algorithm
string
|
|
Relative strength of encryption algorithms accepted in negotiation.
|
|
| ssl-auth-client
string
|
Require a client certificate and authenticate it with the peer/peergrp.
|
||
| ssl-auth-server
string
|
Authenticate the servers certificate with the peer/peergrp.
|
||
| ssl-client-certificate
string
|
Name of Certificate to offer to server if requested.
|
||
| ssl-client-renegotiation
string
|
|
Allow/block client renegotiation by server.
|
|
| ssl-max-version
string
|
|
Highest SSL/TLS version to negotiate.
|
|
| ssl-min-version
string
|
|
Lowest SSL/TLS version to negotiate.
|
|
| ssl-mode
string
|
|
SSL/TLS mode for encryption & decryption of traffic.
|
|
| ssl-pfs
string
|
|
SSL Perfect Forward Secrecy.
|
|
| ssl-send-empty-frags
string
|
|
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
|
|
| ssl-server-certificate
string
|
Name of Certificate return to the client in every SSL connection.
|
||
| status
string
|
|
Enable/disable SIP.
|
|
| strict-register
string
|
|
Enable/disable only allow the registrar to connect.
|
|
| subscribe-rate
integer
|
SUBSCRIBE request rate limit (per second, per policy).
|
||
| subscribe-rate-track
string
|
|
Track the packet protocol field.
|
|
| unknown-header
string
|
|
Action for unknown SIP header.
|
|
| update-rate
integer
|
UPDATE request rate limit (per second, per policy).
|
||
| update-rate-track
string
|
|
Track the packet protocol field.
|
|
| workspace_locking_adom
string
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
|
||
| workspace_locking_timeout
integer
|
Default:
300
|
the maximum time in seconds to wait for other user to release the workspace lock
|
|
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: SIP.
fmgr_voip_profile_sip:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack-rate: <value of integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <value of integer>
call-keepalive: <value of integer>
cancel-rate: <value of integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <value of integer>
invite-rate: <value of integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <value of integer>
max-dialogs: <value of integer>
max-idle-dialogs: <value of integer>
max-line-length: <value of integer>
message-rate: <value of integer>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <value of integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <value of integer>
prack-rate: <value of integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <value of integer>
publish-rate: <value of integer>
refer-rate: <value of integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <value of integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <value of string>
ssl-auth-server: <value of string>
ssl-client-certificate: <value of string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <value of string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <value of integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <value of integer>
nat-port-range: <value of string>
ack-rate-track: <value in [none, src-ip, dest-ip]>
bye-rate-track: <value in [none, src-ip, dest-ip]>
cancel-rate-track: <value in [none, src-ip, dest-ip]>
info-rate-track: <value in [none, src-ip, dest-ip]>
invite-rate-track: <value in [none, src-ip, dest-ip]>
malformed-header-no-proxy-require: <value in [pass, discard, respond]>
malformed-header-no-require: <value in [pass, discard, respond]>
message-rate-track: <value in [none, src-ip, dest-ip]>
notify-rate-track: <value in [none, src-ip, dest-ip]>
options-rate-track: <value in [none, src-ip, dest-ip]>
prack-rate-track: <value in [none, src-ip, dest-ip]>
publish-rate-track: <value in [none, src-ip, dest-ip]>
refer-rate-track: <value in [none, src-ip, dest-ip]>
register-rate-track: <value in [none, src-ip, dest-ip]>
subscribe-rate-track: <value in [none, src-ip, dest-ip]>
update-rate-track: <value in [none, src-ip, dest-ip]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url
string
|
always |
The full url requested
Sample:
/sys/login/user
|
| response_code
integer
|
always |
The status of api request
|
| response_message
string
|
always |
The descriptive message of the api response
Sample:
OK.
|
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_voip_profile_sip_module.html