fmgr_secprof_voip: VOIP security profiles in FMG
ansible.builtin.fmgr_secprof_voip (v2.9.3), module
Added in version 2.8 of ansible.builtin
Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)
preview | supported by community
Install with pip install ansible==2.9.3
Manage VOIP security profiles in FortiManager via API
```yaml
- name: DELETE Profile
  fmgr_secprof_voip:
    name: "Ansible_VOIP_Profile"
    mode: "delete"

- name: Create FMGR_VOIP_PROFILE
  fmgr_secprof_voip:
    mode: "set"
    adom: "root"
    name: "Ansible_VOIP_Profile"
    comment: "Created by Ansible"
    sccp: {block-mcast: "enable", log-call-summary: "enable", log-violations: "enable", status: "enable"}
```
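A hardened SIP/SCCP profile built only from the prefixed parameters this page documents, shown as an added example that is not part of the module's own documentation. The profile name, the certificate name and every numeric limit are constructed placeholders to be replaced with site values.

```yaml
# Added example; profile name, certificate name and numeric limits are placeholders.
- name: Create hardened VOIP profile (constructed example)
  fmgr_secprof_voip:
    mode: "set"
    adom: "root"
    name: "Example_Hardened_VOIP"
    comment: "Hardened SIP/SCCP baseline"

    # Use the prefixed options only: supplying a raw `sip:` or `sccp:` list
    # makes the module ignore every prefixed sub-parameter.
    sip_status: "enable"
    sccp_status: "enable"

    # TLS on SIP signalling. Weak values the module also accepts:
    # min version ssl-3.0 or tls-1.0, algorithm "low" (adds 3DES, RC4 and DES).
    sip_ssl_mode: "full"
    sip_ssl_min_version: "tls-1.2"
    sip_ssl_max_version: "tls-1.2"
    sip_ssl_algorithm: "high"
    sip_ssl_pfs: "require"
    sip_ssl_client_renegotiation: "secure"
    sip_ssl_server_certificate: "EXAMPLE_SIP_CERT"  # placeholder certificate name

    # Discard what fails parsing; "pass" is documented as bypassing malformed messages.
    sip_block_unknown: "enable"
    sip_malformed_request_line: "discard"
    sip_malformed_header_via: "discard"
    sip_malformed_header_from: "discard"
    sip_malformed_header_to: "discard"
    sip_malformed_header_call_id: "discard"
    sip_malformed_header_cseq: "discard"
    sip_malformed_header_contact: "discard"
    sip_malformed_header_content_length: "discard"
    sip_block_long_lines: "enable"
    sip_max_line_length: 1024        # documented range is 78-4096

    # Request rate limits (per second, per policy) and dialog ceiling.
    sip_register_rate: 20
    sip_invite_rate: 50
    sip_options_rate: 20
    sip_max_dialogs: 500
    sip_strict_register: "enable"    # only the registrar may connect

    # Logging and SCCP checks, so violations are visible to detection.
    sip_log_violations: "enable"
    sip_log_call_summary: "enable"
    sccp_verify_header: "enable"
    sccp_block_mcast: "enable"
    sccp_max_calls: 60               # calls per minute per SCCP client (max 65535)
    sccp_log_violations: "enable"
    sccp_log_call_summary: "enable"
```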
```yaml
sip:
  description:
  - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
  - List of multiple child objects to be added. Expects a list of dictionaries.
  - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
  - If submitted, all other prefixed sub-parameters ARE IGNORED.
  - This object is MUTUALLY EXCLUSIVE with its options.
  - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
  - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
  required: false
adom:
  default: root
  description:
  - The ADOM the configuration should belong to.
  required: false
mode:
  choices:
  - add
  - set
  - delete
  - update
  default: add
  description:
  - Sets one of three modes for managing the object.
  - Allows use of soft-adds instead of overwriting existing values
  required: false
name:
  description:
  - Profile name.
  required: false
sccp:
  description:
  - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
  - List of multiple child objects to be added. Expects a list of dictionaries.
  - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
  - If submitted, all other prefixed sub-parameters ARE IGNORED.
  - This object is MUTUALLY EXCLUSIVE with its options.
  - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
  - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
  required: false
comment:
  description:
  - Comment.
  required: false
sip_rtp:
  choices:
  - disable
  - enable
  description:
  - Enable/disable create pinholes for RTP traffic to traverse firewall.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_status:
  choices:
  - disable
  - enable
  description:
  - Enable/disable SIP.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sccp_status:
  choices:
  - disable
  - enable
  description:
  - Enable/disable SCCP.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_ips_rtp:
  choices:
  - disable
  - enable
  description:
  - Enable/disable allow IPS on RTP.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_ssl_pfs:
  choices:
  - require
  - deny
  - allow
  description:
  - SSL Perfect Forward Secrecy.
  - choice | require | PFS mandatory.
  - choice | deny | PFS rejected.
  - choice | allow | PFS allowed.
  required: false
sip_ack_rate:
  description:
  - ACK request rate limit (per second, per policy).
  required: false
sip_bye_rate:
  description:
  - BYE request rate limit (per second, per policy).
  required: false
sip_ssl_mode:
  choices:
  - 'off'
  - full
  description:
  - SSL/TLS mode for encryption & decryption of traffic.
  - choice | off | No SSL.
  - choice | full | Client to FortiGate and FortiGate to Server SSL.
  required: false
sip_block_ack:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block ACK requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_bye:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block BYE requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_info_rate:
  description:
  - INFO request rate limit (per second, per policy).
  required: false
sip_nat_trace:
  choices:
  - disable
  - enable
  description:
  - Enable/disable preservation of original IP in SDP i line.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sccp_max_calls:
  description:
  - Maximum calls per minute per SCCP client (max 65535).
  required: false
sip_block_info:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block INFO requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_prack_rate:
  description:
  - PRACK request rate limit (per second, per policy).
  required: false
sip_refer_rate:
  description:
  - REFER request rate limit (per second, per policy).
  required: false
sip_block_prack:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block prack requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_refer:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block REFER requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_cancel_rate:
  description:
  - CANCEL request rate limit (per second, per policy).
  required: false
sip_invite_rate:
  description:
  - INVITE request rate limit (per second, per policy).
  required: false
sip_max_dialogs:
  description:
  - Maximum number of concurrent calls/dialogs (per policy).
  required: false
sip_notify_rate:
  description:
  - NOTIFY request rate limit (per second, per policy).
  required: false
sip_update_rate:
  description:
  - UPDATE request rate limit (per second, per policy).
  required: false
sccp_block_mcast:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block multicast RTP connections.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_cancel:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block CANCEL requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_invite:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block INVITE requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_notify:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block NOTIFY requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_update:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block UPDATE requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_message_rate:
  description:
  - MESSAGE request rate limit (per second, per policy).
  required: false
sip_no_sdp_fixup:
  choices:
  - disable
  - enable
  description:
  - Enable/disable no SDP fix-up.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_options_rate:
  description:
  - OPTIONS request rate limit (per second, per policy).
  required: false
sip_publish_rate:
  description:
  - PUBLISH request rate limit (per second, per policy).
  required: false
sip_block_message:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block MESSAGE requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_options:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_publish:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block PUBLISH requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_unknown:
  choices:
  - disable
  - enable
  description:
  - Block unrecognized SIP requests (enabled by default).
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_contact_fixup:
  choices:
  - disable
  - enable
  description:
  - Fixup contact anyway even if contact's IP|port doesn't match session's IP|port.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_register_rate:
  description:
  - REGISTER request rate limit (per second, per policy).
  required: false
sip_ssl_algorithm:
  choices:
  - high
  - medium
  - low
  description:
  - Relative strength of encryption algorithms accepted in negotiation.
  - choice | high | High encryption. Allow only AES and ChaCha.
  - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
  - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
  required: false
sccp_verify_header:
  choices:
  - disable
  - enable
  description:
  - Enable/disable verify SCCP header content.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_register:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block REGISTER requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_call_keepalive:
  description:
  - Continue tracking calls with no RTP for this many minutes.
  required: false
sip_log_violations:
  choices:
  - disable
  - enable
  description:
  - Enable/disable logging of SIP violations.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_rfc2543_branch:
  choices:
  - disable
  - enable
  description:
  - Enable/disable support via branch compliant with RFC 2543.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_subscribe_rate:
  description:
  - SUBSCRIBE request rate limit (per second, per policy).
  required: false
sip_unknown_header:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for unknown SIP header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sccp_log_violations:
  choices:
  - disable
  - enable
  description:
  - Enable/disable logging of SCCP violations.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_subscribe:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block SUBSCRIBE requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_max_body_length:
  description:
  - Maximum SIP message body length (0 meaning no limit).
  required: false
sip_max_line_length:
  description:
  - Maximum SIP header line length (78-4096).
  required: false
sip_ssl_auth_client:
  description:
  - Require a client certificate and authenticate it with the peer/peergrp.
  required: false
sip_ssl_auth_server:
  description:
  - Authenticate the server's certificate with the peer/peergrp.
  required: false
sip_ssl_max_version:
  choices:
  - ssl-3.0
  - tls-1.0
  - tls-1.1
  - tls-1.2
  description:
  - Highest SSL/TLS version to negotiate.
  - choice | ssl-3.0 | SSL 3.0.
  - choice | tls-1.0 | TLS 1.0.
  - choice | tls-1.1 | TLS 1.1.
  - choice | tls-1.2 | TLS 1.2.
  required: false
sip_ssl_min_version:
  choices:
  - ssl-3.0
  - tls-1.0
  - tls-1.1
  - tls-1.2
  description:
  - Lowest SSL/TLS version to negotiate.
  - choice | ssl-3.0 | SSL 3.0.
  - choice | tls-1.0 | TLS 1.0.
  - choice | tls-1.1 | TLS 1.1.
  - choice | tls-1.2 | TLS 1.2.
  required: false
sip_strict_register:
  choices:
  - disable
  - enable
  description:
  - Enable/disable only allow the registrar to connect.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_block_long_lines:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block requests with headers exceeding max-line-length.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_log_call_summary:
  choices:
  - disable
  - enable
  description:
  - Enable/disable logging of SIP call summary.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_max_idle_dialogs:
  description:
  - Maximum number established but idle dialogs to retain (per policy).
  required: false
sip_open_via_pinhole:
  choices:
  - disable
  - enable
  description:
  - Enable/disable open pinhole for Via port.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sccp_log_call_summary:
  choices:
  - disable
  - enable
  description:
  - Enable/disable log summary of SCCP calls.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_preserve_override:
  choices:
  - disable
  - enable
  description:
  - Override i line to preserve original IPS (default| append).
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_malformed_header_to:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed To header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_hosted_nat_traversal:
  choices:
  - disable
  - enable
  description:
  - Hosted NAT Traversal (HNT).
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_malformed_header_via:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed VIA header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_open_contact_pinhole:
  choices:
  - disable
  - enable
  description:
  - Enable/disable open pinhole for non-REGISTER Contact port.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_ssl_send_empty_frags:
  choices:
  - disable
  - enable
  description:
  - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
  - choice | disable | Do not send empty fragments.
  - choice | enable | Send empty fragments.
  required: false
sip_block_geo_red_options:
  choices:
  - disable
  - enable
  description:
  - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_malformed_header_cseq:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed CSeq header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_from:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed From header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_rack:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed RAck header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_rseq:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed RSeq header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_open_register_pinhole:
  choices:
  - disable
  - enable
  description:
  - Enable/disable open pinhole for REGISTER Contact port.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_hnt_restrict_source_ip:
  choices:
  - disable
  - enable
  description:
  - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_malformed_header_allow:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Allow header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_route:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Route header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_a:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP a line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_b:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP b line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_c:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP c line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_i:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP i line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_k:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP k line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_m:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP m line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_o:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP o line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_r:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP r line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_s:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP s line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_t:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP t line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_v:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP v line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_sdp_z:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed SDP z line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_request_line:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed request line.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_register_contact_trace:
  choices:
  - disable
  - enable
  description:
  - Enable/disable trace original IP/port within the contact header of REGISTER requests.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_ssl_client_certificate:
  description:
  - Name of Certificate to offer to server if requested.
  required: false
sip_ssl_server_certificate:
  description:
  - Name of Certificate return to the client in every SSL connection.
  required: false
sip_malformed_header_call_id:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Call-ID header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_contact:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Contact header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_expires:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Expires header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_ssl_client_renegotiation:
  choices:
  - allow
  - deny
  - secure
  description:
  - Allow/block client renegotiation by server.
  - choice | allow | Allow a SSL client to renegotiate.
  - choice | deny | Abort any SSL connection that attempts to renegotiate.
  - choice | secure | Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication.
  required: false
sip_open_record_route_pinhole:
  choices:
  - disable
  - enable
  description:
  - Enable/disable open pinhole for Record-Route port.
  - choice | disable | Disable status.
  - choice | enable | Enable status.
  required: false
sip_malformed_header_content_type:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Content-Type header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_max_forwards:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Max-Forwards header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_record_route:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Record-Route header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_provisional_invite_expiry_time:
  description:
  - Expiry time for provisional INVITE (10 - 3600 sec).
  required: false
sip_malformed_header_content_length:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed Content-Length header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
sip_malformed_header_p_asserted_identity:
  choices:
  - pass
  - discard
  - respond
  description:
  - Action for malformed P-Asserted-Identity header.
  - choice | pass | Bypass malformed messages.
  - choice | discard | Discard malformed messages.
  - choice | respond | Respond with error code.
  required: false
```
```yaml
api_result:
  description: full API response, includes status code and message
  returned: always
  type: str
```