Try SpotterConfigure GTP.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure GTP.
fmgr_firewall_gtp:
bypass_validation: False
adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom
state: present
firewall_gtp:
monitor-mode: disable #<value in [disable, enable, vdom]>
name: 'ansible-test'
- name: gathering fortimanager facts
hosts: fortimanager00
gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: retrieve all the GTPs
fmgr_fact:
facts:
selector: 'firewall_gtp'
params:
adom: 'FortiCarrier' # This is FOC-only object, need a FortiCarrier adom
gtp: 'your_value'
adom:
description: the parameter (adom) in requested url
required: true
type: str
state:
choices:
- present
- absent
description: The directive to create, update or delete an object.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
firewall_gtp:
description: the top level parameters set
required: false
suboptions:
addr-notify:
description: overbilling notify address
type: str
apn:
description: Apn.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description: Action.
type: str
apnmember:
description: APN member.
type: str
id:
description: ID.
type: int
selection-mode:
choices:
- ms
- net
- vrf
description: APN selection mode.
elements: str
type: list
type: list
apn-filter:
choices:
- disable
- enable
description: apn filter
type: str
authorized-ggsns:
description: Authorized GGSN group
type: str
authorized-ggsns6:
description: Authorized GGSN/PGW IPv6 group.
type: str
authorized-sgsns:
description: Authorized SGSN group
type: str
authorized-sgsns6:
description: Authorized SGSN/SGW IPv6 group.
type: str
comment:
description: Comment.
type: str
context-id:
description: Overbilling context.
type: int
control-plane-message-rate-limit:
description: control plane message rate limit
type: int
default-apn-action:
choices:
- allow
- deny
description: default apn action
type: str
default-imsi-action:
choices:
- allow
- deny
description: default imsi action
type: str
default-ip-action:
choices:
- allow
- deny
description: default action for encapsulated IP traffic
type: str
default-noip-action:
choices:
- allow
- deny
description: default action for encapsulated non-IP traffic
type: str
default-policy-action:
choices:
- allow
- deny
description: default advanced policy action
type: str
denied-log:
choices:
- disable
- enable
description: log denied
type: str
echo-request-interval:
description: echo request interval
type: int
extension-log:
choices:
- disable
- enable
description: log in extension format
type: str
forwarded-log:
choices:
- disable
- enable
description: log forwarded
type: str
global-tunnel-limit:
description: Global tunnel limit.
type: str
gtp-in-gtp:
choices:
- allow
- deny
description: gtp in gtp
type: str
gtpu-denied-log:
choices:
- disable
- enable
description: Enable/disable logging of denied GTP-U packets.
type: str
gtpu-forwarded-log:
choices:
- disable
- enable
description: Enable/disable logging of forwarded GTP-U packets.
type: str
gtpu-log-freq:
description: Logging of frequency of GTP-U packets.
type: int
half-close-timeout:
description: Half-close tunnel timeout
type: int
half-open-timeout:
description: Half-open tunnel timeout
type: int
handover-group:
description: Handover SGSN group
type: str
handover-group6:
description: Handover SGSN/SGW IPv6 group.
type: str
ie-allow-list-v0v1:
description: IE allow list.
type: str
ie-allow-list-v2:
description: IE allow list.
type: str
ie-remove-policy:
description: Ie-Remove-Policy.
elements: dict
suboptions:
id:
description: ID.
type: int
remove-ies:
choices:
- apn-restriction
- rat-type
- rai
- uli
- imei
description: GTP IEs to be removed.
elements: str
type: list
sgsn-addr:
description: SGSN address name.
type: str
sgsn-addr6:
description: SGSN IPv6 address name.
type: str
type: list
ie-remover:
choices:
- disable
- enable
description: IE removal policy.
type: str
ie-validation:
description: no description
required: false
suboptions:
apn-restriction:
choices:
- disable
- enable
description: Validate APN restriction.
type: str
charging-ID:
choices:
- disable
- enable
description: Validate charging ID.
type: str
charging-gateway-addr:
choices:
- disable
- enable
description: Validate charging gateway address.
type: str
end-user-addr:
choices:
- disable
- enable
description: Validate end user address.
type: str
gsn-addr:
choices:
- disable
- enable
description: Validate GSN address.
type: str
imei:
choices:
- disable
- enable
description: Validate IMEI
type: str
imsi:
choices:
- disable
- enable
description: Validate IMSI.
type: str
mm-context:
choices:
- disable
- enable
description: Validate MM context.
type: str
ms-tzone:
choices:
- disable
- enable
description: Validate MS time zone.
type: str
ms-validated:
choices:
- disable
- enable
description: Validate MS validated.
type: str
msisdn:
choices:
- disable
- enable
description: Validate MSISDN.
type: str
nsapi:
choices:
- disable
- enable
description: Validate NSAPI.
type: str
pdp-context:
choices:
- disable
- enable
description: Validate PDP context.
type: str
qos-profile:
choices:
- disable
- enable
description: Validate Quality of Service
type: str
rai:
choices:
- disable
- enable
description: Validate RAI.
type: str
rat-type:
choices:
- disable
- enable
description: Validate RAT type.
type: str
reordering-required:
choices:
- disable
- enable
description: Validate re-ordering required.
type: str
selection-mode:
choices:
- disable
- enable
description: Validate selection mode.
type: str
uli:
choices:
- disable
- enable
description: Validate user location information.
type: str
type: dict
ie-white-list-v0v1:
description: IE white list.
type: str
ie-white-list-v2:
description: IE white list.
type: str
imsi:
description: Imsi.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description: Action.
type: str
apnmember:
description: APN member.
type: str
id:
description: ID.
type: int
mcc-mnc:
description: MCC MNC.
type: str
msisdn-prefix:
description: MSISDN prefix.
type: str
selection-mode:
choices:
- ms
- net
- vrf
description: APN selection mode.
elements: str
type: list
type: list
imsi-filter:
choices:
- disable
- enable
description: imsi filter
type: str
interface-notify:
description: overbilling interface
type: str
invalid-reserved-field:
choices:
- allow
- deny
description: Invalid reserved field in GTP header
type: str
invalid-sgsns-to-log:
description: Invalid SGSN group to be logged
type: str
invalid-sgsns6-to-log:
description: Invalid SGSN IPv6 group to be logged.
type: str
ip-filter:
choices:
- disable
- enable
description: IP filter for encapsulted traffic
type: str
ip-policy:
description: Ip-Policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description: Action.
type: str
dstaddr:
description: Destination address name.
type: str
dstaddr6:
description: Destination IPv6 address name.
type: str
id:
description: ID.
type: int
srcaddr:
description: Source address name.
type: str
srcaddr6:
description: Source IPv6 address name.
type: str
type: list
log-freq:
description: Logging of frequency of GTP-C packets.
type: int
log-gtpu-limit:
description: the user data log limit
type: int
log-imsi-prefix:
description: IMSI prefix for selective logging.
type: str
log-msisdn-prefix:
description: the msisdn prefix for selective logging
type: str
max-message-length:
description: max message length
type: int
message-filter:
description: no description
required: false
suboptions:
create-aa-pdp:
choices:
- allow
- deny
description: Create AA PDP.
type: str
create-mbms:
choices:
- allow
- deny
description: Create MBMS.
type: str
create-pdp:
choices:
- allow
- deny
description: Create PDP.
type: str
data-record:
choices:
- allow
- deny
description: Data record.
type: str
delete-aa-pdp:
choices:
- allow
- deny
description: Delete AA PDP.
type: str
delete-mbms:
choices:
- allow
- deny
description: Delete MBMS.
type: str
delete-pdp:
choices:
- allow
- deny
description: Delete PDP.
type: str
echo:
choices:
- allow
- deny
description: Echo.
type: str
error-indication:
choices:
- allow
- deny
description: Error indication.
type: str
failure-report:
choices:
- allow
- deny
description: Failure report.
type: str
fwd-relocation:
choices:
- allow
- deny
description: Forward relocation.
type: str
fwd-srns-context:
choices:
- allow
- deny
description: Forward SRNS context.
type: str
gtp-pdu:
choices:
- allow
- deny
description: GTP PDU.
type: str
identification:
choices:
- allow
- deny
description: Identification.
type: str
mbms-notification:
choices:
- allow
- deny
description: MBMS notification.
type: str
node-alive:
choices:
- allow
- deny
description: Node alive.
type: str
note-ms-present:
choices:
- allow
- deny
description: Note MS present.
type: str
pdu-notification:
choices:
- allow
- deny
description: PDU notification.
type: str
ran-info:
choices:
- allow
- deny
description: Ran info.
type: str
redirection:
choices:
- allow
- deny
description: Redirection.
type: str
relocation-cancel:
choices:
- allow
- deny
description: Relocation cancel.
type: str
send-route:
choices:
- allow
- deny
description: Send route.
type: str
sgsn-context:
choices:
- allow
- deny
description: SGSN context.
type: str
support-extension:
choices:
- allow
- deny
description: Support extension.
type: str
unknown-message-action:
choices:
- allow
- deny
description: Unknown message action.
type: str
update-mbms:
choices:
- allow
- deny
description: Update MBMS.
type: str
update-pdp:
choices:
- allow
- deny
description: Update PDP.
type: str
version-not-support:
choices:
- allow
- deny
description: Version not supported.
type: str
type: dict
message-filter-v0v1:
description: Message filter.
type: str
message-filter-v2:
description: Message filter.
type: str
message-rate-limit:
description: no description
required: false
suboptions:
create-aa-pdp-request:
description: Rate limit for create AA PDP context request
type: int
create-aa-pdp-response:
description: Rate limit for create AA PDP context response
type: int
create-mbms-request:
description: Rate limit for create MBMS context request
type: int
create-mbms-response:
description: Rate limit for create MBMS context response
type: int
create-pdp-request:
description: Rate limit for create PDP context request
type: int
create-pdp-response:
description: Rate limit for create PDP context response
type: int
delete-aa-pdp-request:
description: Rate limit for delete AA PDP context request
type: int
delete-aa-pdp-response:
description: Rate limit for delete AA PDP context response
type: int
delete-mbms-request:
description: Rate limit for delete MBMS context request
type: int
delete-mbms-response:
description: Rate limit for delete MBMS context response
type: int
delete-pdp-request:
description: Rate limit for delete PDP context request
type: int
delete-pdp-response:
description: Rate limit for delete PDP context response
type: int
echo-reponse:
description: Rate limit for echo response
type: int
echo-request:
description: Rate limit for echo requests
type: int
error-indication:
description: Rate limit for error indication
type: int
failure-report-request:
description: Rate limit for failure report request
type: int
failure-report-response:
description: Rate limit for failure report response
type: int
fwd-reloc-complete-ack:
description: Rate limit for forward relocation complete acknowledge
type: int
fwd-relocation-complete:
description: Rate limit for forward relocation complete
type: int
fwd-relocation-request:
description: Rate limit for forward relocation request
type: int
fwd-relocation-response:
description: Rate limit for forward relocation response
type: int
fwd-srns-context:
description: Rate limit for forward SRNS context
type: int
fwd-srns-context-ack:
description: Rate limit for forward SRNS context acknowledge
type: int
g-pdu:
description: Rate limit for G-PDU
type: int
identification-request:
description: Rate limit for identification request
type: int
identification-response:
description: Rate limit for identification response
type: int
mbms-de-reg-request:
description: Rate limit for MBMS de-registration request
type: int
mbms-de-reg-response:
description: Rate limit for MBMS de-registration response
type: int
mbms-notify-rej-request:
description: Rate limit for MBMS notification reject request
type: int
mbms-notify-rej-response:
description: Rate limit for MBMS notification reject response
type: int
mbms-notify-request:
description: Rate limit for MBMS notification request
type: int
mbms-notify-response:
description: Rate limit for MBMS notification response
type: int
mbms-reg-request:
description: Rate limit for MBMS registration request
type: int
mbms-reg-response:
description: Rate limit for MBMS registration response
type: int
mbms-ses-start-request:
description: Rate limit for MBMS session start request
type: int
mbms-ses-start-response:
description: Rate limit for MBMS session start response
type: int
mbms-ses-stop-request:
description: Rate limit for MBMS session stop request
type: int
mbms-ses-stop-response:
description: Rate limit for MBMS session stop response
type: int
note-ms-request:
description: Rate limit for note MS GPRS present request
type: int
note-ms-response:
description: Rate limit for note MS GPRS present response
type: int
pdu-notify-rej-request:
description: Rate limit for PDU notify reject request
type: int
pdu-notify-rej-response:
description: Rate limit for PDU notify reject response
type: int
pdu-notify-request:
description: Rate limit for PDU notify request
type: int
pdu-notify-response:
description: Rate limit for PDU notify response
type: int
ran-info:
description: Rate limit for RAN information relay
type: int
relocation-cancel-request:
description: Rate limit for relocation cancel request
type: int
relocation-cancel-response:
description: Rate limit for relocation cancel response
type: int
send-route-request:
description: Rate limit for send routing information for GPRS request
type: int
send-route-response:
description: Rate limit for send routing information for GPRS response
type: int
sgsn-context-ack:
description: Rate limit for SGSN context acknowledgement
type: int
sgsn-context-request:
description: Rate limit for SGSN context request
type: int
sgsn-context-response:
description: Rate limit for SGSN context response
type: int
support-ext-hdr-notify:
description: Rate limit for support extension headers notification
type: int
update-mbms-request:
description: Rate limit for update MBMS context request
type: int
update-mbms-response:
description: Rate limit for update MBMS context response
type: int
update-pdp-request:
description: Rate limit for update PDP context request
type: int
update-pdp-response:
description: Rate limit for update PDP context response
type: int
version-not-support:
description: Rate limit for version not supported
type: int
type: dict
message-rate-limit-v0:
description: no description
required: false
suboptions:
create-pdp-request:
description: Rate limit
type: int
delete-pdp-request:
description: Rate limit
type: int
echo-request:
description: Rate limit
type: int
type: dict
message-rate-limit-v1:
description: no description
required: false
suboptions:
create-pdp-request:
description: Rate limit
type: int
delete-pdp-request:
description: Rate limit
type: int
echo-request:
description: Rate limit
type: int
type: dict
message-rate-limit-v2:
description: no description
required: false
suboptions:
create-session-request:
description: Rate limit
type: int
delete-session-request:
description: Rate limit
type: int
echo-request:
description: Rate limit
type: int
type: dict
min-message-length:
description: min message length
type: int
miss-must-ie:
choices:
- allow
- deny
description: Missing mandatory information element
type: str
monitor-mode:
choices:
- disable
- enable
- vdom
description: GTP monitor mode
type: str
name:
description: Profile name.
type: str
noip-filter:
choices:
- disable
- enable
description: non-IP filter for encapsulted traffic
type: str
noip-policy:
description: Noip-Policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description: Action.
type: str
end:
description: End of protocol range
type: int
id:
description: ID.
type: int
start:
description: Start of protocol range
type: int
type:
choices:
- etsi
- ietf
description: Protocol field type.
type: str
type: list
out-of-state-ie:
choices:
- allow
- deny
description: Out of state information element.
type: str
out-of-state-message:
choices:
- allow
- deny
description: Out of state GTP message
type: str
per-apn-shaper:
description: Per-Apn-Shaper.
elements: dict
suboptions:
apn:
description: APN name.
type: str
id:
description: ID.
type: int
rate-limit:
description: Rate limit
type: int
version:
description: GTP version number
type: int
type: list
policy:
description: Policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description: Action.
type: str
apn:
description: APN subfix.
type: str
apn-sel-mode:
choices:
- ms
- net
- vrf
description: APN selection mode.
elements: str
type: list
apnmember:
description: APN member.
type: str
id:
description: ID.
type: int
imei:
description: IMEI
type: str
imsi:
description: IMSI prefix.
type: str
imsi-prefix:
description: IMSI prefix.
type: str
max-apn-restriction:
choices:
- all
- public-1
- public-2
- private-1
- private-2
description: Maximum APN restriction value.
type: str
messages:
choices:
- create-req
- create-res
- update-req
- update-res
description: GTP messages.
elements: str
type: list
msisdn:
description: MSISDN prefix.
type: str
msisdn-prefix:
description: MSISDN prefix.
type: str
rai:
description: RAI pattern.
type: str
rat-type:
choices:
- any
- utran
- geran
- wlan
- gan
- hspa
- eutran
- virtual
- nbiot
description: RAT Type.
elements: str
type: list
uli:
description: ULI pattern.
type: str
type: list
policy-filter:
choices:
- disable
- enable
description: Advanced policy filter
type: str
policy-v2:
description: Policy-V2.
elements: dict
suboptions:
action:
choices:
- deny
- allow
description: Action.
type: str
apn-sel-mode:
choices:
- ms
- net
- vrf
description: APN selection mode.
elements: str
type: list
apnmember:
description: APN member.
type: str
id:
description: ID.
type: int
imsi-prefix:
description: IMSI prefix.
type: str
max-apn-restriction:
choices:
- all
- public-1
- public-2
- private-1
- private-2
description: Maximum APN restriction value.
type: str
mei:
description: MEI pattern.
type: str
messages:
choices:
- create-ses-req
- create-ses-res
- modify-bearer-req
- modify-bearer-res
description: GTP messages.
elements: str
type: list
msisdn-prefix:
description: MSISDN prefix.
type: str
rat-type:
choices:
- any
- utran
- geran
- wlan
- gan
- hspa
- eutran
- virtual
- nbiot
- ltem
- nr
description: RAT Type.
elements: str
type: list
uli:
description: GTPv2 ULI patterns
type: str
type: list
port-notify:
description: overbilling notify port
type: int
rat-timeout-profile:
description: RAT timeout profile.
type: str
rate-limit-mode:
choices:
- per-profile
- per-stream
- per-apn
description: GTP rate limit mode.
type: str
rate-limited-log:
choices:
- disable
- enable
description: log rate limited
type: str
rate-sampling-interval:
description: rate sampling interval
type: int
remove-if-echo-expires:
choices:
- disable
- enable
description: remove if echo response expires
type: str
remove-if-recovery-differ:
choices:
- disable
- enable
description: remove upon different Recovery IE
type: str
reserved-ie:
choices:
- allow
- deny
description: reserved information element
type: str
send-delete-when-timeout:
choices:
- disable
- enable
description: send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.
type: str
send-delete-when-timeout-v2:
choices:
- disable
- enable
description: send DELETE request to path endpoints when GTPv2 tunnel timeout.
type: str
spoof-src-addr:
choices:
- allow
- deny
description: Spoofed source address for Mobile Station.
type: str
state-invalid-log:
choices:
- disable
- enable
description: log state invalid
type: str
sub-second-interval:
choices:
- '0.1'
- '0.25'
- '0.5'
description: Sub-second interval
type: str
sub-second-sampling:
choices:
- disable
- enable
description: Enable/disable sub-second sampling.
type: str
traffic-count-log:
choices:
- disable
- enable
description: log tunnel traffic counter
type: str
tunnel-limit:
description: tunnel limit
type: int
tunnel-limit-log:
choices:
- disable
- enable
description: tunnel limit
type: str
tunnel-timeout:
description: Established tunnel timeout
type: int
unknown-version-action:
choices:
- allow
- deny
description: action for unknown gtp version
type: str
user-plane-message-rate-limit:
description: user plane message rate limit
type: int
warning-threshold:
description: Warning threshold for rate limiting
type: int
type: dict
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list