drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_firewall_gtp Configure GTP. | "added in version" 2.0.0 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_firewall_gtp (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager00 collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: Configure GTP. fmgr_firewall_gtp: bypass_validation: False adom: FortiCarrier # This is FOC-only object, need a FortiCarrier adom state: present firewall_gtp: monitor-mode: disable #<value in [disable, enable, vdom]> name: 'ansible-test'
- name: gathering fortimanager facts hosts: fortimanager00 gather_facts: no connection: httpapi collections: - fortinet.fortimanager vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: retrieve all the GTPs fmgr_fact: facts: selector: 'firewall_gtp' params: adom: 'FortiCarrier' # This is FOC-only object, need a FortiCarrier adom gtp: 'your_value'
adom: description: the parameter (adom) in requested url required: true type: str state: choices: - present - absent description: The directive to create, update or delete an object. required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str firewall_gtp: description: the top level parameters set required: false suboptions: addr-notify: description: overbilling notify address type: str apn: description: Apn. elements: dict suboptions: action: choices: - allow - deny description: Action. type: str apnmember: description: APN member. type: str id: description: ID. type: int selection-mode: choices: - ms - net - vrf description: APN selection mode. elements: str type: list type: list apn-filter: choices: - disable - enable description: apn filter type: str authorized-ggsns: description: Authorized GGSN group type: str authorized-ggsns6: description: Authorized GGSN/PGW IPv6 group. type: str authorized-sgsns: description: Authorized SGSN group type: str authorized-sgsns6: description: Authorized SGSN/SGW IPv6 group. type: str comment: description: Comment. type: str context-id: description: Overbilling context. type: int control-plane-message-rate-limit: description: control plane message rate limit type: int default-apn-action: choices: - allow - deny description: default apn action type: str default-imsi-action: choices: - allow - deny description: default imsi action type: str default-ip-action: choices: - allow - deny description: default action for encapsulated IP traffic type: str default-noip-action: choices: - allow - deny description: default action for encapsulated non-IP traffic type: str default-policy-action: choices: - allow - deny description: default advanced policy action type: str denied-log: choices: - disable - enable description: log denied type: str echo-request-interval: description: echo request interval type: int extension-log: choices: - disable - enable description: log in extension format type: str forwarded-log: choices: - disable - enable description: log forwarded type: str global-tunnel-limit: description: Global tunnel limit. type: str gtp-in-gtp: choices: - allow - deny description: gtp in gtp type: str gtpu-denied-log: choices: - disable - enable description: Enable/disable logging of denied GTP-U packets. type: str gtpu-forwarded-log: choices: - disable - enable description: Enable/disable logging of forwarded GTP-U packets. type: str gtpu-log-freq: description: Logging of frequency of GTP-U packets. type: int half-close-timeout: description: Half-close tunnel timeout type: int half-open-timeout: description: Half-open tunnel timeout type: int handover-group: description: Handover SGSN group type: str handover-group6: description: Handover SGSN/SGW IPv6 group. type: str ie-allow-list-v0v1: description: IE allow list. type: str ie-allow-list-v2: description: IE allow list. type: str ie-remove-policy: description: Ie-Remove-Policy. elements: dict suboptions: id: description: ID. type: int remove-ies: choices: - apn-restriction - rat-type - rai - uli - imei description: GTP IEs to be removed. elements: str type: list sgsn-addr: description: SGSN address name. type: str sgsn-addr6: description: SGSN IPv6 address name. type: str type: list ie-remover: choices: - disable - enable description: IE removal policy. type: str ie-validation: description: no description required: false suboptions: apn-restriction: choices: - disable - enable description: Validate APN restriction. type: str charging-ID: choices: - disable - enable description: Validate charging ID. type: str charging-gateway-addr: choices: - disable - enable description: Validate charging gateway address. type: str end-user-addr: choices: - disable - enable description: Validate end user address. type: str gsn-addr: choices: - disable - enable description: Validate GSN address. type: str imei: choices: - disable - enable description: Validate IMEI type: str imsi: choices: - disable - enable description: Validate IMSI. type: str mm-context: choices: - disable - enable description: Validate MM context. type: str ms-tzone: choices: - disable - enable description: Validate MS time zone. type: str ms-validated: choices: - disable - enable description: Validate MS validated. type: str msisdn: choices: - disable - enable description: Validate MSISDN. type: str nsapi: choices: - disable - enable description: Validate NSAPI. type: str pdp-context: choices: - disable - enable description: Validate PDP context. type: str qos-profile: choices: - disable - enable description: Validate Quality of Service type: str rai: choices: - disable - enable description: Validate RAI. type: str rat-type: choices: - disable - enable description: Validate RAT type. type: str reordering-required: choices: - disable - enable description: Validate re-ordering required. type: str selection-mode: choices: - disable - enable description: Validate selection mode. type: str uli: choices: - disable - enable description: Validate user location information. type: str type: dict ie-white-list-v0v1: description: IE white list. type: str ie-white-list-v2: description: IE white list. type: str imsi: description: Imsi. elements: dict suboptions: action: choices: - allow - deny description: Action. type: str apnmember: description: APN member. type: str id: description: ID. type: int mcc-mnc: description: MCC MNC. type: str msisdn-prefix: description: MSISDN prefix. type: str selection-mode: choices: - ms - net - vrf description: APN selection mode. elements: str type: list type: list imsi-filter: choices: - disable - enable description: imsi filter type: str interface-notify: description: overbilling interface type: str invalid-reserved-field: choices: - allow - deny description: Invalid reserved field in GTP header type: str invalid-sgsns-to-log: description: Invalid SGSN group to be logged type: str invalid-sgsns6-to-log: description: Invalid SGSN IPv6 group to be logged. type: str ip-filter: choices: - disable - enable description: IP filter for encapsulted traffic type: str ip-policy: description: Ip-Policy. elements: dict suboptions: action: choices: - allow - deny description: Action. type: str dstaddr: description: Destination address name. type: str dstaddr6: description: Destination IPv6 address name. type: str id: description: ID. type: int srcaddr: description: Source address name. type: str srcaddr6: description: Source IPv6 address name. type: str type: list log-freq: description: Logging of frequency of GTP-C packets. type: int log-gtpu-limit: description: the user data log limit type: int log-imsi-prefix: description: IMSI prefix for selective logging. type: str log-msisdn-prefix: description: the msisdn prefix for selective logging type: str max-message-length: description: max message length type: int message-filter: description: no description required: false suboptions: create-aa-pdp: choices: - allow - deny description: Create AA PDP. type: str create-mbms: choices: - allow - deny description: Create MBMS. type: str create-pdp: choices: - allow - deny description: Create PDP. type: str data-record: choices: - allow - deny description: Data record. type: str delete-aa-pdp: choices: - allow - deny description: Delete AA PDP. type: str delete-mbms: choices: - allow - deny description: Delete MBMS. type: str delete-pdp: choices: - allow - deny description: Delete PDP. type: str echo: choices: - allow - deny description: Echo. type: str error-indication: choices: - allow - deny description: Error indication. type: str failure-report: choices: - allow - deny description: Failure report. type: str fwd-relocation: choices: - allow - deny description: Forward relocation. type: str fwd-srns-context: choices: - allow - deny description: Forward SRNS context. type: str gtp-pdu: choices: - allow - deny description: GTP PDU. type: str identification: choices: - allow - deny description: Identification. type: str mbms-notification: choices: - allow - deny description: MBMS notification. type: str node-alive: choices: - allow - deny description: Node alive. type: str note-ms-present: choices: - allow - deny description: Note MS present. type: str pdu-notification: choices: - allow - deny description: PDU notification. type: str ran-info: choices: - allow - deny description: Ran info. type: str redirection: choices: - allow - deny description: Redirection. type: str relocation-cancel: choices: - allow - deny description: Relocation cancel. type: str send-route: choices: - allow - deny description: Send route. type: str sgsn-context: choices: - allow - deny description: SGSN context. type: str support-extension: choices: - allow - deny description: Support extension. type: str unknown-message-action: choices: - allow - deny description: Unknown message action. type: str update-mbms: choices: - allow - deny description: Update MBMS. type: str update-pdp: choices: - allow - deny description: Update PDP. type: str version-not-support: choices: - allow - deny description: Version not supported. type: str type: dict message-filter-v0v1: description: Message filter. type: str message-filter-v2: description: Message filter. type: str message-rate-limit: description: no description required: false suboptions: create-aa-pdp-request: description: Rate limit for create AA PDP context request type: int create-aa-pdp-response: description: Rate limit for create AA PDP context response type: int create-mbms-request: description: Rate limit for create MBMS context request type: int create-mbms-response: description: Rate limit for create MBMS context response type: int create-pdp-request: description: Rate limit for create PDP context request type: int create-pdp-response: description: Rate limit for create PDP context response type: int delete-aa-pdp-request: description: Rate limit for delete AA PDP context request type: int delete-aa-pdp-response: description: Rate limit for delete AA PDP context response type: int delete-mbms-request: description: Rate limit for delete MBMS context request type: int delete-mbms-response: description: Rate limit for delete MBMS context response type: int delete-pdp-request: description: Rate limit for delete PDP context request type: int delete-pdp-response: description: Rate limit for delete PDP context response type: int echo-reponse: description: Rate limit for echo response type: int echo-request: description: Rate limit for echo requests type: int error-indication: description: Rate limit for error indication type: int failure-report-request: description: Rate limit for failure report request type: int failure-report-response: description: Rate limit for failure report response type: int fwd-reloc-complete-ack: description: Rate limit for forward relocation complete acknowledge type: int fwd-relocation-complete: description: Rate limit for forward relocation complete type: int fwd-relocation-request: description: Rate limit for forward relocation request type: int fwd-relocation-response: description: Rate limit for forward relocation response type: int fwd-srns-context: description: Rate limit for forward SRNS context type: int fwd-srns-context-ack: description: Rate limit for forward SRNS context acknowledge type: int g-pdu: description: Rate limit for G-PDU type: int identification-request: description: Rate limit for identification request type: int identification-response: description: Rate limit for identification response type: int mbms-de-reg-request: description: Rate limit for MBMS de-registration request type: int mbms-de-reg-response: description: Rate limit for MBMS de-registration response type: int mbms-notify-rej-request: description: Rate limit for MBMS notification reject request type: int mbms-notify-rej-response: description: Rate limit for MBMS notification reject response type: int mbms-notify-request: description: Rate limit for MBMS notification request type: int mbms-notify-response: description: Rate limit for MBMS notification response type: int mbms-reg-request: description: Rate limit for MBMS registration request type: int mbms-reg-response: description: Rate limit for MBMS registration response type: int mbms-ses-start-request: description: Rate limit for MBMS session start request type: int mbms-ses-start-response: description: Rate limit for MBMS session start response type: int mbms-ses-stop-request: description: Rate limit for MBMS session stop request type: int mbms-ses-stop-response: description: Rate limit for MBMS session stop response type: int note-ms-request: description: Rate limit for note MS GPRS present request type: int note-ms-response: description: Rate limit for note MS GPRS present response type: int pdu-notify-rej-request: description: Rate limit for PDU notify reject request type: int pdu-notify-rej-response: description: Rate limit for PDU notify reject response type: int pdu-notify-request: description: Rate limit for PDU notify request type: int pdu-notify-response: description: Rate limit for PDU notify response type: int ran-info: description: Rate limit for RAN information relay type: int relocation-cancel-request: description: Rate limit for relocation cancel request type: int relocation-cancel-response: description: Rate limit for relocation cancel response type: int send-route-request: description: Rate limit for send routing information for GPRS request type: int send-route-response: description: Rate limit for send routing information for GPRS response type: int sgsn-context-ack: description: Rate limit for SGSN context acknowledgement type: int sgsn-context-request: description: Rate limit for SGSN context request type: int sgsn-context-response: description: Rate limit for SGSN context response type: int support-ext-hdr-notify: description: Rate limit for support extension headers notification type: int update-mbms-request: description: Rate limit for update MBMS context request type: int update-mbms-response: description: Rate limit for update MBMS context response type: int update-pdp-request: description: Rate limit for update PDP context request type: int update-pdp-response: description: Rate limit for update PDP context response type: int version-not-support: description: Rate limit for version not supported type: int type: dict message-rate-limit-v0: description: no description required: false suboptions: create-pdp-request: description: Rate limit type: int delete-pdp-request: description: Rate limit type: int echo-request: description: Rate limit type: int type: dict message-rate-limit-v1: description: no description required: false suboptions: create-pdp-request: description: Rate limit type: int delete-pdp-request: description: Rate limit type: int echo-request: description: Rate limit type: int type: dict message-rate-limit-v2: description: no description required: false suboptions: create-session-request: description: Rate limit type: int delete-session-request: description: Rate limit type: int echo-request: description: Rate limit type: int type: dict min-message-length: description: min message length type: int miss-must-ie: choices: - allow - deny description: Missing mandatory information element type: str monitor-mode: choices: - disable - enable - vdom description: GTP monitor mode type: str name: description: Profile name. type: str noip-filter: choices: - disable - enable description: non-IP filter for encapsulted traffic type: str noip-policy: description: Noip-Policy. elements: dict suboptions: action: choices: - allow - deny description: Action. type: str end: description: End of protocol range type: int id: description: ID. type: int start: description: Start of protocol range type: int type: choices: - etsi - ietf description: Protocol field type. type: str type: list out-of-state-ie: choices: - allow - deny description: Out of state information element. type: str out-of-state-message: choices: - allow - deny description: Out of state GTP message type: str per-apn-shaper: description: Per-Apn-Shaper. elements: dict suboptions: apn: description: APN name. type: str id: description: ID. type: int rate-limit: description: Rate limit type: int version: description: GTP version number type: int type: list policy: description: Policy. elements: dict suboptions: action: choices: - allow - deny description: Action. type: str apn: description: APN subfix. type: str apn-sel-mode: choices: - ms - net - vrf description: APN selection mode. elements: str type: list apnmember: description: APN member. type: str id: description: ID. type: int imei: description: IMEI type: str imsi: description: IMSI prefix. type: str imsi-prefix: description: IMSI prefix. type: str max-apn-restriction: choices: - all - public-1 - public-2 - private-1 - private-2 description: Maximum APN restriction value. type: str messages: choices: - create-req - create-res - update-req - update-res description: GTP messages. elements: str type: list msisdn: description: MSISDN prefix. type: str msisdn-prefix: description: MSISDN prefix. type: str rai: description: RAI pattern. type: str rat-type: choices: - any - utran - geran - wlan - gan - hspa - eutran - virtual - nbiot description: RAT Type. elements: str type: list uli: description: ULI pattern. type: str type: list policy-filter: choices: - disable - enable description: Advanced policy filter type: str policy-v2: description: Policy-V2. elements: dict suboptions: action: choices: - deny - allow description: Action. type: str apn-sel-mode: choices: - ms - net - vrf description: APN selection mode. elements: str type: list apnmember: description: APN member. type: str id: description: ID. type: int imsi-prefix: description: IMSI prefix. type: str max-apn-restriction: choices: - all - public-1 - public-2 - private-1 - private-2 description: Maximum APN restriction value. type: str mei: description: MEI pattern. type: str messages: choices: - create-ses-req - create-ses-res - modify-bearer-req - modify-bearer-res description: GTP messages. elements: str type: list msisdn-prefix: description: MSISDN prefix. type: str rat-type: choices: - any - utran - geran - wlan - gan - hspa - eutran - virtual - nbiot - ltem - nr description: RAT Type. elements: str type: list uli: description: GTPv2 ULI patterns type: str type: list port-notify: description: overbilling notify port type: int rat-timeout-profile: description: RAT timeout profile. type: str rate-limit-mode: choices: - per-profile - per-stream - per-apn description: GTP rate limit mode. type: str rate-limited-log: choices: - disable - enable description: log rate limited type: str rate-sampling-interval: description: rate sampling interval type: int remove-if-echo-expires: choices: - disable - enable description: remove if echo response expires type: str remove-if-recovery-differ: choices: - disable - enable description: remove upon different Recovery IE type: str reserved-ie: choices: - allow - deny description: reserved information element type: str send-delete-when-timeout: choices: - disable - enable description: send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. type: str send-delete-when-timeout-v2: choices: - disable - enable description: send DELETE request to path endpoints when GTPv2 tunnel timeout. type: str spoof-src-addr: choices: - allow - deny description: Spoofed source address for Mobile Station. type: str state-invalid-log: choices: - disable - enable description: log state invalid type: str sub-second-interval: choices: - '0.1' - '0.25' - '0.5' description: Sub-second interval type: str sub-second-sampling: choices: - disable - enable description: Enable/disable sub-second sampling. type: str traffic-count-log: choices: - disable - enable description: log tunnel traffic counter type: str tunnel-limit: description: tunnel limit type: int tunnel-limit-log: choices: - disable - enable description: tunnel limit type: str tunnel-timeout: description: Established tunnel timeout type: int unknown-version-action: choices: - allow - deny description: action for unknown gtp version type: str user-plane-message-rate-limit: description: user plane message rate limit type: int warning-threshold: description: Warning threshold for rate limiting type: int type: dict rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list