ansible / ansible.builtin / v2.8.11 / module / fortios_voip_profile Configure VoIP profiles in Fortinet's FortiOS and FortiGate. | "added in version" 2.8 of ansible.builtin" Authors: Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityansible.builtin.fortios_voip_profile (v2.8.11) — module
pip
Install with pip install ansible==2.8.11
This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
- hosts: localhost vars: host: "192.168.122.40" username: "admin" password: "" vdom: "root" tasks: - name: Configure VoIP profiles. fortios_voip_profile: host: "{{ host }}" username: "{{ username }}" password: "{{ password }}" vdom: "{{ vdom }}" https: "False" voip_profile: state: "present" comment: "Comment." name: "default_name_4" sccp: block-mcast: "disable" log-call-summary: "disable" log-violations: "disable" max-calls: "9" status: "disable" verify-header: "disable" sip: ack-rate: "13" block-ack: "disable" block-bye: "disable" block-cancel: "disable" block-geo-red-options: "disable" block-info: "disable" block-invite: "disable" block-long-lines: "disable" block-message: "disable" block-notify: "disable" block-options: "disable" block-prack: "disable" block-publish: "disable" block-refer: "disable" block-register: "disable" block-subscribe: "disable" block-unknown: "disable" block-update: "disable" bye-rate: "31" call-keepalive: "32" cancel-rate: "33" contact-fixup: "disable" hnt-restrict-source-ip: "disable" hosted-nat-traversal: "disable" info-rate: "37" invite-rate: "38" ips-rtp: "disable" log-call-summary: "disable" log-violations: "disable" malformed-header-allow: "discard" malformed-header-call-id: "discard" malformed-header-contact: "discard" malformed-header-content-length: "discard" malformed-header-content-type: "discard" malformed-header-cseq: "discard" malformed-header-expires: "discard" malformed-header-from: "discard" malformed-header-max-forwards: "discard" malformed-header-p-asserted-identity: "discard" malformed-header-rack: "discard" malformed-header-record-route: "discard" malformed-header-route: "discard" malformed-header-rseq: "discard" malformed-header-sdp-a: "discard" malformed-header-sdp-b: "discard" malformed-header-sdp-c: "discard" malformed-header-sdp-i: "discard" malformed-header-sdp-k: "discard" malformed-header-sdp-m: "discard" malformed-header-sdp-o: "discard" malformed-header-sdp-r: "discard" malformed-header-sdp-s: "discard" malformed-header-sdp-t: "discard" malformed-header-sdp-v: "discard" malformed-header-sdp-z: "discard" malformed-header-to: "discard" malformed-header-via: "discard" malformed-request-line: "discard" max-body-length: "71" max-dialogs: "72" max-idle-dialogs: "73" max-line-length: "74" message-rate: "75" nat-trace: "disable" no-sdp-fixup: "disable" notify-rate: "78" open-contact-pinhole: "disable" open-record-route-pinhole: "disable" open-register-pinhole: "disable" open-via-pinhole: "disable" options-rate: "83" prack-rate: "84" preserve-override: "disable" provisional-invite-expiry-time: "86" publish-rate: "87" refer-rate: "88" register-contact-trace: "disable" register-rate: "90" rfc2543-branch: "disable" rtp: "disable" ssl-algorithm: "high" ssl-auth-client: "<your_own_value> (source user.peer.name user.peergrp.name)" ssl-auth-server: "<your_own_value> (source user.peer.name user.peergrp.name)" ssl-client-certificate: "<your_own_value> (source vpn.certificate.local.name)" ssl-client-renegotiation: "allow" ssl-max-version: "ssl-3.0" ssl-min-version: "ssl-3.0" ssl-mode: "off" ssl-pfs: "require" ssl-send-empty-frags: "enable" ssl-server-certificate: "<your_own_value> (source vpn.certificate.local.name)" status: "disable" strict-register: "disable" subscribe-rate: "106" unknown-header: "discard" update-rate: "108"
host: description: - FortiOS or FortiGate ip address. required: true vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. https: default: true description: - Indicates if the requests towards FortiGate must use HTTPS protocol type: bool password: default: '' description: - FortiOS or FortiGate password. username: description: - FortiOS or FortiGate username. required: true voip_profile: default: null description: - Configure VoIP profiles. suboptions: comment: description: - Comment. name: description: - Profile name. required: true sccp: description: - SCCP. suboptions: block-mcast: choices: - disable - enable description: - Enable/disable block multicast RTP connections. log-call-summary: choices: - disable - enable description: - Enable/disable log summary of SCCP calls. log-violations: choices: - disable - enable description: - Enable/disable logging of SCCP violations. max-calls: description: - Maximum calls per minute per SCCP client (max 65535). status: choices: - disable - enable description: - Enable/disable SCCP. verify-header: choices: - disable - enable description: - Enable/disable verify SCCP header content. sip: description: - SIP. suboptions: ack-rate: description: - ACK request rate limit (per second, per policy). block-ack: choices: - disable - enable description: - Enable/disable block ACK requests. block-bye: choices: - disable - enable description: - Enable/disable block BYE requests. block-cancel: choices: - disable - enable description: - Enable/disable block CANCEL requests. block-geo-red-options: choices: - disable - enable description: - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. block-info: choices: - disable - enable description: - Enable/disable block INFO requests. block-invite: choices: - disable - enable description: - Enable/disable block INVITE requests. block-long-lines: choices: - disable - enable description: - Enable/disable block requests with headers exceeding max-line-length. block-message: choices: - disable - enable description: - Enable/disable block MESSAGE requests. block-notify: choices: - disable - enable description: - Enable/disable block NOTIFY requests. block-options: choices: - disable - enable description: - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. block-prack: choices: - disable - enable description: - Enable/disable block prack requests. block-publish: choices: - disable - enable description: - Enable/disable block PUBLISH requests. block-refer: choices: - disable - enable description: - Enable/disable block REFER requests. block-register: choices: - disable - enable description: - Enable/disable block REGISTER requests. block-subscribe: choices: - disable - enable description: - Enable/disable block SUBSCRIBE requests. block-unknown: choices: - disable - enable description: - Block unrecognized SIP requests (enabled by default). block-update: choices: - disable - enable description: - Enable/disable block UPDATE requests. bye-rate: description: - BYE request rate limit (per second, per policy). call-keepalive: description: - Continue tracking calls with no RTP for this many minutes. cancel-rate: description: - CANCEL request rate limit (per second, per policy). contact-fixup: choices: - disable - enable description: - Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. hnt-restrict-source-ip: choices: - disable - enable description: - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. hosted-nat-traversal: choices: - disable - enable description: - Hosted NAT Traversal (HNT). info-rate: description: - INFO request rate limit (per second, per policy). invite-rate: description: - INVITE request rate limit (per second, per policy). ips-rtp: choices: - disable - enable description: - Enable/disable allow IPS on RTP. log-call-summary: choices: - disable - enable description: - Enable/disable logging of SIP call summary. log-violations: choices: - disable - enable description: - Enable/disable logging of SIP violations. malformed-header-allow: choices: - discard - pass - respond description: - Action for malformed Allow header. malformed-header-call-id: choices: - discard - pass - respond description: - Action for malformed Call-ID header. malformed-header-contact: choices: - discard - pass - respond description: - Action for malformed Contact header. malformed-header-content-length: choices: - discard - pass - respond description: - Action for malformed Content-Length header. malformed-header-content-type: choices: - discard - pass - respond description: - Action for malformed Content-Type header. malformed-header-cseq: choices: - discard - pass - respond description: - Action for malformed CSeq header. malformed-header-expires: choices: - discard - pass - respond description: - Action for malformed Expires header. malformed-header-from: choices: - discard - pass - respond description: - Action for malformed From header. malformed-header-max-forwards: choices: - discard - pass - respond description: - Action for malformed Max-Forwards header. malformed-header-p-asserted-identity: choices: - discard - pass - respond description: - Action for malformed P-Asserted-Identity header. malformed-header-rack: choices: - discard - pass - respond description: - Action for malformed RAck header. malformed-header-record-route: choices: - discard - pass - respond description: - Action for malformed Record-Route header. malformed-header-route: choices: - discard - pass - respond description: - Action for malformed Route header. malformed-header-rseq: choices: - discard - pass - respond description: - Action for malformed RSeq header. malformed-header-sdp-a: choices: - discard - pass - respond description: - Action for malformed SDP a line. malformed-header-sdp-b: choices: - discard - pass - respond description: - Action for malformed SDP b line. malformed-header-sdp-c: choices: - discard - pass - respond description: - Action for malformed SDP c line. malformed-header-sdp-i: choices: - discard - pass - respond description: - Action for malformed SDP i line. malformed-header-sdp-k: choices: - discard - pass - respond description: - Action for malformed SDP k line. malformed-header-sdp-m: choices: - discard - pass - respond description: - Action for malformed SDP m line. malformed-header-sdp-o: choices: - discard - pass - respond description: - Action for malformed SDP o line. malformed-header-sdp-r: choices: - discard - pass - respond description: - Action for malformed SDP r line. malformed-header-sdp-s: choices: - discard - pass - respond description: - Action for malformed SDP s line. malformed-header-sdp-t: choices: - discard - pass - respond description: - Action for malformed SDP t line. malformed-header-sdp-v: choices: - discard - pass - respond description: - Action for malformed SDP v line. malformed-header-sdp-z: choices: - discard - pass - respond description: - Action for malformed SDP z line. malformed-header-to: choices: - discard - pass - respond description: - Action for malformed To header. malformed-header-via: choices: - discard - pass - respond description: - Action for malformed VIA header. malformed-request-line: choices: - discard - pass - respond description: - Action for malformed request line. max-body-length: description: - Maximum SIP message body length (0 meaning no limit). max-dialogs: description: - Maximum number of concurrent calls/dialogs (per policy). max-idle-dialogs: description: - Maximum number established but idle dialogs to retain (per policy). max-line-length: description: - Maximum SIP header line length (78-4096). message-rate: description: - MESSAGE request rate limit (per second, per policy). nat-trace: choices: - disable - enable description: - Enable/disable preservation of original IP in SDP i line. no-sdp-fixup: choices: - disable - enable description: - Enable/disable no SDP fix-up. notify-rate: description: - NOTIFY request rate limit (per second, per policy). open-contact-pinhole: choices: - disable - enable description: - Enable/disable open pinhole for non-REGISTER Contact port. open-record-route-pinhole: choices: - disable - enable description: - Enable/disable open pinhole for Record-Route port. open-register-pinhole: choices: - disable - enable description: - Enable/disable open pinhole for REGISTER Contact port. open-via-pinhole: choices: - disable - enable description: - Enable/disable open pinhole for Via port. options-rate: description: - OPTIONS request rate limit (per second, per policy). prack-rate: description: - PRACK request rate limit (per second, per policy). preserve-override: choices: - disable - enable description: - 'Override i line to preserve original IPS (default: append).' provisional-invite-expiry-time: description: - Expiry time for provisional INVITE (10 - 3600 sec). publish-rate: description: - PUBLISH request rate limit (per second, per policy). refer-rate: description: - REFER request rate limit (per second, per policy). register-contact-trace: choices: - disable - enable description: - Enable/disable trace original IP/port within the contact header of REGISTER requests. register-rate: description: - REGISTER request rate limit (per second, per policy). rfc2543-branch: choices: - disable - enable description: - Enable/disable support via branch compliant with RFC 2543. rtp: choices: - disable - enable description: - Enable/disable create pinholes for RTP traffic to traverse firewall. ssl-algorithm: choices: - high - medium - low description: - Relative strength of encryption algorithms accepted in negotiation. ssl-auth-client: description: - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. ssl-auth-server: description: - Authenticate the server's certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. ssl-client-certificate: description: - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. ssl-client-renegotiation: choices: - allow - deny - secure description: - Allow/block client renegotiation by server. ssl-max-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 description: - Highest SSL/TLS version to negotiate. ssl-min-version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 description: - Lowest SSL/TLS version to negotiate. ssl-mode: choices: - false - full description: - SSL/TLS mode for encryption & decryption of traffic. ssl-pfs: choices: - require - deny - allow description: - SSL Perfect Forward Secrecy. ssl-send-empty-frags: choices: - enable - disable description: - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). ssl-server-certificate: description: - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. status: choices: - disable - enable description: - Enable/disable SIP. strict-register: choices: - disable - enable description: - Enable/disable only allow the registrar to connect. subscribe-rate: description: - SUBSCRIBE request rate limit (per second, per policy). unknown-header: choices: - discard - pass - respond description: - Action for unknown SIP header. update-rate: description: - UPDATE request rate limit (per second, per policy). state: choices: - present - absent description: - Indicates whether to create or remove the object
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str