fortinet.fortios.fortios_firewall_gtp – Configure GTP in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_firewall_gtp.

New in version 2.10: of fortinet.fortios

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters

Parameter				Choices/Defaults	Comments
access_token string					Token-based authentication. Generated from GUI of Fortigate.
enable_log boolean				Choices: no ← yes	Enable/Disable logging for task.
firewall_gtp dictionary					Configure GTP.
	addr_notify string				overbilling notify address
	apn list / elements=string				APN.
		action string		Choices: allow deny	Action.
		apnmember list / elements=string			APN member.
			name string / required		APN name. Source gtp.apn.name gtp.apngrp.name.
		id integer / required			ID.
		selection_mode list / elements=string		Choices: ms net vrf	APN selection mode.
	apn_filter string			Choices: enable disable	apn filter
	authorized_ggsns string				Authorized GGSN group Source firewall.address.name firewall.addrgrp.name.
	authorized_ggsns6 string				Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
	authorized_sgsns string				Authorized SGSN group Source firewall.address.name firewall.addrgrp.name.
	authorized_sgsns6 string				Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
	comment string				Comment.
	context_id integer				Overbilling context.
	control_plane_message_rate_limit integer				control plane message rate limit
	default_apn_action string			Choices: allow deny	default apn action
	default_imsi_action string			Choices: allow deny	default imsi action
	default_ip_action string			Choices: allow deny	default action for encapsulated IP traffic
	default_noip_action string			Choices: allow deny	default action for encapsulated non-IP traffic
	default_policy_action string			Choices: allow deny	default advanced policy action
	denied_log string			Choices: enable disable	log denied
	echo_request_interval integer				echo request interval (in seconds)
	extension_log string			Choices: enable disable	log in extension format
	forwarded_log string			Choices: enable disable	log forwarded
	global_tunnel_limit string				Global tunnel limit. Source gtp.tunnel-limit.name.
	gtp_in_gtp string			Choices: allow deny	gtp in gtp
	gtpu_denied_log string			Choices: enable disable	Enable/disable logging of denied GTP-U packets.
	gtpu_forwarded_log string			Choices: enable disable	Enable/disable logging of forwarded GTP-U packets.
	gtpu_log_freq integer				Logging of frequency of GTP-U packets.
	half_close_timeout integer				Half-close tunnel timeout (in seconds).
	half_open_timeout integer				Half-open tunnel timeout (in seconds).
	handover_group string				Handover SGSN group Source firewall.address.name firewall.addrgrp.name.
	handover_group6 string				Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
	ie_allow_list_v0v1 string				IE allow list. Source gtp.ie-allow-list.name.
	ie_allow_list_v2 string				IE allow list. Source gtp.ie-allow-list.name.
	ie_remove_policy list / elements=string				IE remove policy.
		id integer / required			ID.
		remove_ies string		Choices: apn-restriction rat-type rai uli imei	GTP IEs to be removed.
		sgsn_addr string			SGSN address name. Source firewall.address.name firewall.addrgrp.name.
		sgsn_addr6 string			SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
	ie_remover string			Choices: enable disable	IE removal policy.
	ie_validation dictionary				IE validation.
		apn_restriction string		Choices: enable disable	Validate APN restriction.
		charging_gateway_addr string		Choices: enable disable	Validate charging gateway address.
		charging_ID string		Choices: enable disable	Validate charging ID.
		end_user_addr string		Choices: enable disable	Validate end user address.
		gsn_addr string		Choices: enable disable	Validate GSN address.
		imei string		Choices: enable disable	Validate IMEI(SV).
		imsi string		Choices: enable disable	Validate IMSI.
		mm_context string		Choices: enable disable	Validate MM context.
		ms_tzone string		Choices: enable disable	Validate MS time zone.
		ms_validated string		Choices: enable disable	Validate MS validated.
		msisdn string		Choices: enable disable	Validate MSISDN.
		nsapi string		Choices: enable disable	Validate NSAPI.
		pdp_context string		Choices: enable disable	Validate PDP context.
		qos_profile string		Choices: enable disable	Validate Quality of Service(QoS) profile.
		rai string		Choices: enable disable	Validate RAI.
		rat_type string		Choices: enable disable	Validate RAT type.
		reordering_required string		Choices: enable disable	Validate re-ordering required.
		selection_mode string		Choices: enable disable	Validate selection mode.
		uli string		Choices: enable disable	Validate user location information.
	ie_white_list_v0v1 string				IE white list. Source gtp.ie-white-list.name.
	ie_white_list_v2 string				IE white list. Source gtp.ie-white-list.name.
	imsi list / elements=string				IMSI.
		action string		Choices: allow deny	Action.
		apnmember list / elements=string			APN member.
			name string / required		APN name. Source gtp.apn.name gtp.apngrp.name.
		id integer / required			ID.
		mcc_mnc string			MCC MNC.
		msisdn_prefix string			MSISDN prefix.
		selection_mode list / elements=string		Choices: ms net vrf	APN selection mode.
	imsi_filter string			Choices: enable disable	imsi filter
	interface_notify string				overbilling interface Source system.interface.name.
	invalid_reserved_field string			Choices: allow deny	Invalid reserved field in GTP header
	invalid_sgsns6_to_log string				Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name.
	invalid_sgsns_to_log string				Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name.
	ip_filter string			Choices: enable disable	IP filter for encapsulted traffic
	ip_policy list / elements=string				IP policy.
		action string		Choices: allow deny	Action.
		dstaddr string			Destination address name. Source firewall.address.name firewall.addrgrp.name.
		dstaddr6 string			Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
		id integer / required			ID.
		srcaddr string			Source address name. Source firewall.address.name firewall.addrgrp.name.
		srcaddr6 string			Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
	log_freq integer				Logging of frequency of GTP-C packets.
	log_gtpu_limit integer				the user data log limit (0-512 bytes)
	log_imsi_prefix string				IMSI prefix for selective logging.
	log_msisdn_prefix string				the msisdn prefix for selective logging
	max_message_length integer				max message length
	message_filter_v0v1 string				Message filter. Source gtp.message-filter-v0v1.name.
	message_filter_v2 string				Message filter. Source gtp.message-filter-v2.name.
	message_rate_limit dictionary				Message rate limiting.
		create_aa_pdp_request integer			Rate limit for create AA PDP context request (packets per second).
		create_aa_pdp_response integer			Rate limit for create AA PDP context response (packets per second).
		create_mbms_request integer			Rate limit for create MBMS context request (packets per second).
		create_mbms_response integer			Rate limit for create MBMS context response (packets per second).
		create_pdp_request integer			Rate limit for create PDP context request (packets per second).
		create_pdp_response integer			Rate limit for create PDP context response (packets per second).
		delete_aa_pdp_request integer			Rate limit for delete AA PDP context request (packets per second).
		delete_aa_pdp_response integer			Rate limit for delete AA PDP context response (packets per second).
		delete_mbms_request integer			Rate limit for delete MBMS context request (packets per second).
		delete_mbms_response integer			Rate limit for delete MBMS context response (packets per second).
		delete_pdp_request integer			Rate limit for delete PDP context request (packets per second).
		delete_pdp_response integer			Rate limit for delete PDP context response (packets per second).
		echo_reponse integer			Rate limit for echo response (packets per second).
		echo_request integer			Rate limit for echo requests (packets per second).
		error_indication integer			Rate limit for error indication (packets per second).
		failure_report_request integer			Rate limit for failure report request (packets per second).
		failure_report_response integer			Rate limit for failure report response (packets per second).
		fwd_reloc_complete_ack integer			Rate limit for forward relocation complete acknowledge (packets per second).
		fwd_relocation_complete integer			Rate limit for forward relocation complete (packets per second).
		fwd_relocation_request integer			Rate limit for forward relocation request (packets per second).
		fwd_relocation_response integer			Rate limit for forward relocation response (packets per second).
		fwd_srns_context integer			Rate limit for forward SRNS context (packets per second).
		fwd_srns_context_ack integer			Rate limit for forward SRNS context acknowledge (packets per second).
		g_pdu integer			Rate limit for G-PDU (packets per second).
		identification_request integer			Rate limit for identification request (packets per second).
		identification_response integer			Rate limit for identification response (packets per second).
		mbms_de_reg_request integer			Rate limit for MBMS de-registration request (packets per second).
		mbms_de_reg_response integer			Rate limit for MBMS de-registration response (packets per second).
		mbms_notify_rej_request integer			Rate limit for MBMS notification reject request (packets per second).
		mbms_notify_rej_response integer			Rate limit for MBMS notification reject response (packets per second).
		mbms_notify_request integer			Rate limit for MBMS notification request (packets per second).
		mbms_notify_response integer			Rate limit for MBMS notification response (packets per second).
		mbms_reg_request integer			Rate limit for MBMS registration request (packets per second).
		mbms_reg_response integer			Rate limit for MBMS registration response (packets per second).
		mbms_ses_start_request integer			Rate limit for MBMS session start request (packets per second).
		mbms_ses_start_response integer			Rate limit for MBMS session start response (packets per second).
		mbms_ses_stop_request integer			Rate limit for MBMS session stop request (packets per second).
		mbms_ses_stop_response integer			Rate limit for MBMS session stop response (packets per second).
		note_ms_request integer			Rate limit for note MS GPRS present request (packets per second).
		note_ms_response integer			Rate limit for note MS GPRS present response (packets per second).
		pdu_notify_rej_request integer			Rate limit for PDU notify reject request (packets per second).
		pdu_notify_rej_response integer			Rate limit for PDU notify reject response (packets per second).
		pdu_notify_request integer			Rate limit for PDU notify request (packets per second).
		pdu_notify_response integer			Rate limit for PDU notify response (packets per second).
		ran_info integer			Rate limit for RAN information relay (packets per second).
		relocation_cancel_request integer			Rate limit for relocation cancel request (packets per second).
		relocation_cancel_response integer			Rate limit for relocation cancel response (packets per second).
		send_route_request integer			Rate limit for send routing information for GPRS request (packets per second).
		send_route_response integer			Rate limit for send routing information for GPRS response (packets per second).
		sgsn_context_ack integer			Rate limit for SGSN context acknowledgement (packets per second).
		sgsn_context_request integer			Rate limit for SGSN context request (packets per second).
		sgsn_context_response integer			Rate limit for SGSN context response (packets per second).
		support_ext_hdr_notify integer			Rate limit for support extension headers notification (packets per second).
		update_mbms_request integer			Rate limit for update MBMS context request (packets per second).
		update_mbms_response integer			Rate limit for update MBMS context response (packets per second).
		update_pdp_request integer			Rate limit for update PDP context request (packets per second).
		update_pdp_response integer			Rate limit for update PDP context response (packets per second).
		version_not_support integer			Rate limit for version not supported (packets per second).
	message_rate_limit_v0 dictionary				Message rate limiting for GTP version 0.
		create_pdp_request integer			Rate limit (packets/s) for create PDP context request.
		delete_pdp_request integer			Rate limit (packets/s) for delete PDP context request.
		echo_request integer			Rate limit (packets/s) for echo request.
	message_rate_limit_v1 dictionary				Message rate limiting for GTP version 1.
		create_pdp_request integer			Rate limit (packets/s) for create PDP context request.
		delete_pdp_request integer			Rate limit (packets/s) for delete PDP context request.
		echo_request integer			Rate limit (packets/s) for echo request.
	message_rate_limit_v2 dictionary				Message rate limiting for GTP version 2.
		create_session_request integer			Rate limit (packets/s) for create session request.
		delete_session_request integer			Rate limit (packets/s) for delete session request.
		echo_request integer			Rate limit (packets/s) for echo request.
	min_message_length integer				min message length
	miss_must_ie string			Choices: allow deny	Missing mandatory information element
	monitor_mode string			Choices: enable disable vdom	GTP monitor mode
	name string / required				Profile name.
	noip_filter string			Choices: enable disable	non-IP filter for encapsulted traffic
	noip_policy list / elements=string				No IP policy.
		action string		Choices: allow deny	Action.
		end integer			End of protocol range (0 - 255).
		id integer / required			ID.
		start integer			Start of protocol range (0 - 255).
		type string		Choices: etsi ietf	Protocol field type.
	out_of_state_ie string			Choices: allow deny	Out of state information element.
	out_of_state_message string			Choices: allow deny	Out of state GTP message
	per_apn_shaper list / elements=string				Per APN shaper.
		apn string			APN name. Source gtp.apn.name.
		id integer / required			ID.
		rate_limit integer			Rate limit (packets/s) for create PDP context request.
		version integer			GTP version number: 0 or 1.
	policy list / elements=string				Policy.
		action string		Choices: allow deny	Action.
		apn_sel_mode list / elements=string		Choices: ms net vrf	APN selection mode.
		apnmember list / elements=string			APN member.
			name string / required		APN name. Source gtp.apn.name gtp.apngrp.name.
		id integer / required			ID.
		imei string			IMEI(SV) pattern.
		imsi string			IMSI prefix.
		imsi_prefix string			IMSI prefix.
		max_apn_restriction string		Choices: all public-1 public-2 private-1 private-2	Maximum APN restriction value.
		messages list / elements=string		Choices: create-req create-res update-req update-res	GTP messages.
		msisdn string			MSISDN prefix.
		msisdn_prefix string			MSISDN prefix.
		rai string			RAI pattern.
		rat_type list / elements=string		Choices: any utran geran wlan gan hspa eutran virtual nbiot	RAT Type.
		uli string			ULI pattern.
	policy_filter string			Choices: enable disable	Advanced policy filter
	policy_v2 list / elements=string				Apply allow or deny action to each GTPv2-c packet.
		action string		Choices: allow deny	Action.
		apn_sel_mode string		Choices: ms net vrf	APN selection mode.
		apnmember list / elements=string			APN member.
			name string / required		APN name. Source gtp.apn.name gtp.apngrp.name.
		id integer / required			ID.
		imsi_prefix string			IMSI prefix.
		max_apn_restriction string		Choices: all public-1 public-2 private-1 private-2	Maximum APN restriction value.
		mei string			MEI pattern.
		messages string		Choices: create-ses-req create-ses-res modify-bearer-req modify-bearer-res	GTP messages.
		msisdn_prefix string			MSISDN prefix.
		rat_type string		Choices: any utran geran wlan gan hspa eutran virtual nbiot ltem nr	RAT Type.
		uli string			GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI).
	port_notify integer				overbilling notify port
	rate_limit_mode string			Choices: per-profile per-stream per-apn	GTP rate limit mode.
	rate_limited_log string			Choices: enable disable	log rate limited
	rate_sampling_interval integer				rate sampling interval (1-3600 seconds)
	remove_if_echo_expires string			Choices: enable disable	remove if echo response expires
	remove_if_recovery_differ string			Choices: enable disable	remove upon different Recovery IE
	reserved_ie string			Choices: allow deny	reserved information element
	send_delete_when_timeout string			Choices: enable disable	send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.
	send_delete_when_timeout_v2 string			Choices: enable disable	send DELETE request to path endpoints when GTPv2 tunnel timeout.
	spoof_src_addr string			Choices: allow deny	Spoofed source address for Mobile Station.
	state_invalid_log string			Choices: enable disable	log state invalid
	sub_second_interval string			Choices: 0.5 0.25 0.1	Sub-second interval (0.1, 0.25, or 0.5 sec).
	sub_second_sampling string			Choices: enable disable	Enable/disable sub-second sampling.
	traffic_count_log string			Choices: enable disable	log tunnel traffic counter
	tunnel_limit integer				tunnel limit
	tunnel_limit_log string			Choices: enable disable	tunnel limit
	tunnel_timeout integer				Established tunnel timeout (in seconds).
	unknown_version_action string			Choices: allow deny	action for unknown gtp version
	user_plane_message_rate_limit integer				user plane message rate limit
	warning_threshold integer				Warning threshold for rate limiting (0 - 99 percent).
state string / required				Choices: present absent	Indicates whether to create or remove the object.
vdom string				Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure GTP.
    fortios_firewall_gtp:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      firewall_gtp:
        addr_notify: "<your_own_value>"
        apn:
         -
            action: "allow"
            apnmember:
             -
                name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)"
            id:  "8"
            selection_mode: "ms"
        apn_filter: "enable"
        authorized_ggsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        authorized_ggsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        authorized_sgsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        authorized_sgsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        comment: "Comment."
        context_id: "16"
        control_plane_message_rate_limit: "17"
        default_apn_action: "allow"
        default_imsi_action: "allow"
        default_ip_action: "allow"
        default_noip_action: "allow"
        default_policy_action: "allow"
        denied_log: "enable"
        echo_request_interval: "24"
        extension_log: "enable"
        forwarded_log: "enable"
        global_tunnel_limit: "<your_own_value> (source gtp.tunnel-limit.name)"
        gtp_in_gtp: "allow"
        gtpu_denied_log: "enable"
        gtpu_forwarded_log: "enable"
        gtpu_log_freq: "31"
        half_close_timeout: "32"
        half_open_timeout: "33"
        handover_group: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        handover_group6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ie_allow_list_v0v1: "<your_own_value> (source gtp.ie-allow-list.name)"
        ie_allow_list_v2: "<your_own_value> (source gtp.ie-allow-list.name)"
        ie_remove_policy:
         -
            id:  "39"
            remove_ies: "apn-restriction"
            sgsn_addr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            sgsn_addr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ie_remover: "enable"
        ie_validation:
            apn_restriction: "enable"
            charging_gateway_addr: "enable"
            charging_ID: "enable"
            end_user_addr: "enable"
            gsn_addr: "enable"
            imei: "enable"
            imsi: "enable"
            mm_context: "enable"
            ms_tzone: "enable"
            ms_validated: "enable"
            msisdn: "enable"
            nsapi: "enable"
            pdp_context: "enable"
            qos_profile: "enable"
            rai: "enable"
            rat_type: "enable"
            reordering_required: "enable"
            selection_mode: "enable"
            uli: "enable"
        ie_white_list_v0v1: "<your_own_value> (source gtp.ie-white-list.name)"
        ie_white_list_v2: "<your_own_value> (source gtp.ie-white-list.name)"
        imsi:
         -
            action: "allow"
            apnmember:
             -
                name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)"
            id:  "70"
            mcc_mnc: "<your_own_value>"
            msisdn_prefix: "<your_own_value>"
            selection_mode: "ms"
        imsi_filter: "enable"
        interface_notify: "<your_own_value> (source system.interface.name)"
        invalid_reserved_field: "allow"
        invalid_sgsns_to_log: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
        invalid_sgsns6_to_log: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        ip_filter: "enable"
        ip_policy:
         -
            action: "allow"
            dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            dstaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
            id:  "84"
            srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
            srcaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
        log_freq: "87"
        log_gtpu_limit: "88"
        log_imsi_prefix: "<your_own_value>"
        log_msisdn_prefix: "<your_own_value>"
        max_message_length: "91"
        message_filter_v0v1: "<your_own_value> (source gtp.message-filter-v0v1.name)"
        message_filter_v2: "<your_own_value> (source gtp.message-filter-v2.name)"
        message_rate_limit:
            create_aa_pdp_request: "95"
            create_aa_pdp_response: "96"
            create_mbms_request: "97"
            create_mbms_response: "98"
            create_pdp_request: "99"
            create_pdp_response: "100"
            delete_aa_pdp_request: "101"
            delete_aa_pdp_response: "102"
            delete_mbms_request: "103"
            delete_mbms_response: "104"
            delete_pdp_request: "105"
            delete_pdp_response: "106"
            echo_reponse: "107"
            echo_request: "108"
            error_indication: "109"
            failure_report_request: "110"
            failure_report_response: "111"
            fwd_reloc_complete_ack: "112"
            fwd_relocation_complete: "113"
            fwd_relocation_request: "114"
            fwd_relocation_response: "115"
            fwd_srns_context: "116"
            fwd_srns_context_ack: "117"
            g_pdu: "118"
            identification_request: "119"
            identification_response: "120"
            mbms_de_reg_request: "121"
            mbms_de_reg_response: "122"
            mbms_notify_rej_request: "123"
            mbms_notify_rej_response: "124"
            mbms_notify_request: "125"
            mbms_notify_response: "126"
            mbms_reg_request: "127"
            mbms_reg_response: "128"
            mbms_ses_start_request: "129"
            mbms_ses_start_response: "130"
            mbms_ses_stop_request: "131"
            mbms_ses_stop_response: "132"
            note_ms_request: "133"
            note_ms_response: "134"
            pdu_notify_rej_request: "135"
            pdu_notify_rej_response: "136"
            pdu_notify_request: "137"
            pdu_notify_response: "138"
            ran_info: "139"
            relocation_cancel_request: "140"
            relocation_cancel_response: "141"
            send_route_request: "142"
            send_route_response: "143"
            sgsn_context_ack: "144"
            sgsn_context_request: "145"
            sgsn_context_response: "146"
            support_ext_hdr_notify: "147"
            update_mbms_request: "148"
            update_mbms_response: "149"
            update_pdp_request: "150"
            update_pdp_response: "151"
            version_not_support: "152"
        message_rate_limit_v0:
            create_pdp_request: "154"
            delete_pdp_request: "155"
            echo_request: "156"
        message_rate_limit_v1:
            create_pdp_request: "158"
            delete_pdp_request: "159"
            echo_request: "160"
        message_rate_limit_v2:
            create_session_request: "162"
            delete_session_request: "163"
            echo_request: "164"
        min_message_length: "165"
        miss_must_ie: "allow"
        monitor_mode: "enable"
        name: "default_name_168"
        noip_filter: "enable"
        noip_policy:
         -
            action: "allow"
            end: "172"
            id:  "173"
            start: "174"
            type: "etsi"
        out_of_state_ie: "allow"
        out_of_state_message: "allow"
        per_apn_shaper:
         -
            apn: "<your_own_value> (source gtp.apn.name)"
            id:  "180"
            rate_limit: "181"
            version: "182"
        policy:
         -
            action: "allow"
            apn_sel_mode: "ms"
            apnmember:
             -
                name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)"
            id:  "188"
            imei: "<your_own_value>"
            imsi: "<your_own_value>"
            imsi_prefix: "<your_own_value>"
            max_apn_restriction: "all"
            messages: "create-req"
            msisdn: "<your_own_value>"
            msisdn_prefix: "<your_own_value>"
            rai: "<your_own_value>"
            rat_type: "any"
            uli: "<your_own_value>"
        policy_filter: "enable"
        policy_v2:
         -
            action: "allow"
            apn_sel_mode: "ms"
            apnmember:
             -
                name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)"
            id:  "205"
            imsi_prefix: "<your_own_value>"
            max_apn_restriction: "all"
            mei: "<your_own_value>"
            messages: "create-ses-req"
            msisdn_prefix: "<your_own_value>"
            rat_type: "any"
            uli: "<your_own_value>"
        port_notify: "213"
        rate_limit_mode: "per-profile"
        rate_limited_log: "enable"
        rate_sampling_interval: "216"
        remove_if_echo_expires: "enable"
        remove_if_recovery_differ: "enable"
        reserved_ie: "allow"
        send_delete_when_timeout: "enable"
        send_delete_when_timeout_v2: "enable"
        spoof_src_addr: "allow"
        state_invalid_log: "enable"
        sub_second_interval: "0.5"
        sub_second_sampling: "enable"
        traffic_count_log: "enable"
        tunnel_limit: "227"
        tunnel_limit_log: "enable"
        tunnel_timeout: "229"
        unknown_version_action: "allow"
        user_plane_message_rate_limit: "231"
        warning_threshold: "232"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_firewall_gtp_module.html

Docs

Docs4dev

Title here