Try SpotterSIP.
| "added in version" 2.0.0 of drmofu.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections:
- name: drmofu.fortimanager
version: 2.2.2This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: SIP.
fmgr_voip_profile_sip:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
profile: <your own value>
voip_profile_sip:
ack-rate: <value of integer>
block-ack: <value in [disable, enable]>
block-bye: <value in [disable, enable]>
block-cancel: <value in [disable, enable]>
block-geo-red-options: <value in [disable, enable]>
block-info: <value in [disable, enable]>
block-invite: <value in [disable, enable]>
block-long-lines: <value in [disable, enable]>
block-message: <value in [disable, enable]>
block-notify: <value in [disable, enable]>
block-options: <value in [disable, enable]>
block-prack: <value in [disable, enable]>
block-publish: <value in [disable, enable]>
block-refer: <value in [disable, enable]>
block-register: <value in [disable, enable]>
block-subscribe: <value in [disable, enable]>
block-unknown: <value in [disable, enable]>
block-update: <value in [disable, enable]>
bye-rate: <value of integer>
call-keepalive: <value of integer>
cancel-rate: <value of integer>
contact-fixup: <value in [disable, enable]>
hnt-restrict-source-ip: <value in [disable, enable]>
hosted-nat-traversal: <value in [disable, enable]>
info-rate: <value of integer>
invite-rate: <value of integer>
ips-rtp: <value in [disable, enable]>
log-call-summary: <value in [disable, enable]>
log-violations: <value in [disable, enable]>
malformed-header-allow: <value in [pass, discard, respond]>
malformed-header-call-id: <value in [pass, discard, respond]>
malformed-header-contact: <value in [pass, discard, respond]>
malformed-header-content-length: <value in [pass, discard, respond]>
malformed-header-content-type: <value in [pass, discard, respond]>
malformed-header-cseq: <value in [pass, discard, respond]>
malformed-header-expires: <value in [pass, discard, respond]>
malformed-header-from: <value in [pass, discard, respond]>
malformed-header-max-forwards: <value in [pass, discard, respond]>
malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
malformed-header-rack: <value in [pass, discard, respond]>
malformed-header-record-route: <value in [pass, discard, respond]>
malformed-header-route: <value in [pass, discard, respond]>
malformed-header-rseq: <value in [pass, discard, respond]>
malformed-header-sdp-a: <value in [pass, discard, respond]>
malformed-header-sdp-b: <value in [pass, discard, respond]>
malformed-header-sdp-c: <value in [pass, discard, respond]>
malformed-header-sdp-i: <value in [pass, discard, respond]>
malformed-header-sdp-k: <value in [pass, discard, respond]>
malformed-header-sdp-m: <value in [pass, discard, respond]>
malformed-header-sdp-o: <value in [pass, discard, respond]>
malformed-header-sdp-r: <value in [pass, discard, respond]>
malformed-header-sdp-s: <value in [pass, discard, respond]>
malformed-header-sdp-t: <value in [pass, discard, respond]>
malformed-header-sdp-v: <value in [pass, discard, respond]>
malformed-header-sdp-z: <value in [pass, discard, respond]>
malformed-header-to: <value in [pass, discard, respond]>
malformed-header-via: <value in [pass, discard, respond]>
malformed-request-line: <value in [pass, discard, respond]>
max-body-length: <value of integer>
max-dialogs: <value of integer>
max-idle-dialogs: <value of integer>
max-line-length: <value of integer>
message-rate: <value of integer>
nat-trace: <value in [disable, enable]>
no-sdp-fixup: <value in [disable, enable]>
notify-rate: <value of integer>
open-contact-pinhole: <value in [disable, enable]>
open-record-route-pinhole: <value in [disable, enable]>
open-register-pinhole: <value in [disable, enable]>
open-via-pinhole: <value in [disable, enable]>
options-rate: <value of integer>
prack-rate: <value of integer>
preserve-override: <value in [disable, enable]>
provisional-invite-expiry-time: <value of integer>
publish-rate: <value of integer>
refer-rate: <value of integer>
register-contact-trace: <value in [disable, enable]>
register-rate: <value of integer>
rfc2543-branch: <value in [disable, enable]>
rtp: <value in [disable, enable]>
ssl-algorithm: <value in [high, medium, low]>
ssl-auth-client: <value of string>
ssl-auth-server: <value of string>
ssl-client-certificate: <value of string>
ssl-client-renegotiation: <value in [allow, deny, secure]>
ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
ssl-mode: <value in [off, full]>
ssl-pfs: <value in [require, deny, allow]>
ssl-send-empty-frags: <value in [disable, enable]>
ssl-server-certificate: <value of string>
status: <value in [disable, enable]>
strict-register: <value in [disable, enable]>
subscribe-rate: <value of integer>
unknown-header: <value in [pass, discard, respond]>
update-rate: <value of integer>
nat-port-range: <value of string>
ack-rate-track: <value in [none, src-ip, dest-ip]>
bye-rate-track: <value in [none, src-ip, dest-ip]>
cancel-rate-track: <value in [none, src-ip, dest-ip]>
info-rate-track: <value in [none, src-ip, dest-ip]>
invite-rate-track: <value in [none, src-ip, dest-ip]>
malformed-header-no-proxy-require: <value in [pass, discard, respond]>
malformed-header-no-require: <value in [pass, discard, respond]>
message-rate-track: <value in [none, src-ip, dest-ip]>
notify-rate-track: <value in [none, src-ip, dest-ip]>
options-rate-track: <value in [none, src-ip, dest-ip]>
prack-rate-track: <value in [none, src-ip, dest-ip]>
publish-rate-track: <value in [none, src-ip, dest-ip]>
refer-rate-track: <value in [none, src-ip, dest-ip]>
register-rate-track: <value in [none, src-ip, dest-ip]>
subscribe-rate-track: <value in [none, src-ip, dest-ip]>
update-rate-track: <value in [none, src-ip, dest-ip]>
call-id-regex: <value of string>
content-type-regex: <value of string>
adom:
description: the parameter (adom) in requested url
required: true
type: str
profile:
description: the parameter (profile) in requested url
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
required: false
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
required: false
type: bool
access_token:
description: The token to access FortiManager without using username and password.
required: false
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
required: false
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
required: false
type: str
voip_profile_sip:
description: the top level parameters set
required: false
suboptions:
ack-rate:
description: ACK request rate limit
type: int
ack-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
block-ack:
choices:
- disable
- enable
description: Enable/disable block ACK requests.
type: str
block-bye:
choices:
- disable
- enable
description: Enable/disable block BYE requests.
type: str
block-cancel:
choices:
- disable
- enable
description: Enable/disable block CANCEL requests.
type: str
block-geo-red-options:
choices:
- disable
- enable
description: Enable/disable block OPTIONS requests, but OPTIONS requests still
notify for redundancy.
type: str
block-info:
choices:
- disable
- enable
description: Enable/disable block INFO requests.
type: str
block-invite:
choices:
- disable
- enable
description: Enable/disable block INVITE requests.
type: str
block-long-lines:
choices:
- disable
- enable
description: Enable/disable block requests with headers exceeding max-line-length.
type: str
block-message:
choices:
- disable
- enable
description: Enable/disable block MESSAGE requests.
type: str
block-notify:
choices:
- disable
- enable
description: Enable/disable block NOTIFY requests.
type: str
block-options:
choices:
- disable
- enable
description: Enable/disable block OPTIONS requests and no OPTIONS as notifying
message for redundancy either.
type: str
block-prack:
choices:
- disable
- enable
description: Enable/disable block prack requests.
type: str
block-publish:
choices:
- disable
- enable
description: Enable/disable block PUBLISH requests.
type: str
block-refer:
choices:
- disable
- enable
description: Enable/disable block REFER requests.
type: str
block-register:
choices:
- disable
- enable
description: Enable/disable block REGISTER requests.
type: str
block-subscribe:
choices:
- disable
- enable
description: Enable/disable block SUBSCRIBE requests.
type: str
block-unknown:
choices:
- disable
- enable
description: Block unrecognized SIP requests
type: str
block-update:
choices:
- disable
- enable
description: Enable/disable block UPDATE requests.
type: str
bye-rate:
description: BYE request rate limit
type: int
bye-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
call-id-regex:
description: Validate PCRE regular expression for Call-Id header value.
type: str
call-keepalive:
description: Continue tracking calls with no RTP for this many minutes.
type: int
cancel-rate:
description: CANCEL request rate limit
type: int
cancel-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
contact-fixup:
choices:
- disable
- enable
description: Fixup contact anyway even if contacts IP
type: str
content-type-regex:
description: Validate PCRE regular expression for Content-Type header value.
type: str
hnt-restrict-source-ip:
choices:
- disable
- enable
description: Enable/disable restrict RTP source IP to be the same as SIP source
IP when HNT is enabled.
type: str
hosted-nat-traversal:
choices:
- disable
- enable
description: Hosted NAT Traversal
type: str
info-rate:
description: INFO request rate limit
type: int
info-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
invite-rate:
description: INVITE request rate limit
type: int
invite-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
ips-rtp:
choices:
- disable
- enable
description: Enable/disable allow IPS on RTP.
type: str
log-call-summary:
choices:
- disable
- enable
description: Enable/disable logging of SIP call summary.
type: str
log-violations:
choices:
- disable
- enable
description: Enable/disable logging of SIP violations.
type: str
malformed-header-allow:
choices:
- pass
- discard
- respond
description: Action for malformed Allow header.
type: str
malformed-header-call-id:
choices:
- pass
- discard
- respond
description: Action for malformed Call-ID header.
type: str
malformed-header-contact:
choices:
- pass
- discard
- respond
description: Action for malformed Contact header.
type: str
malformed-header-content-length:
choices:
- pass
- discard
- respond
description: Action for malformed Content-Length header.
type: str
malformed-header-content-type:
choices:
- pass
- discard
- respond
description: Action for malformed Content-Type header.
type: str
malformed-header-cseq:
choices:
- pass
- discard
- respond
description: Action for malformed CSeq header.
type: str
malformed-header-expires:
choices:
- pass
- discard
- respond
description: Action for malformed Expires header.
type: str
malformed-header-from:
choices:
- pass
- discard
- respond
description: Action for malformed From header.
type: str
malformed-header-max-forwards:
choices:
- pass
- discard
- respond
description: Action for malformed Max-Forwards header.
type: str
malformed-header-no-proxy-require:
choices:
- pass
- discard
- respond
description: Action for malformed SIP messages without Proxy-Require header.
type: str
malformed-header-no-require:
choices:
- pass
- discard
- respond
description: Action for malformed SIP messages without Require header.
type: str
malformed-header-p-asserted-identity:
choices:
- pass
- discard
- respond
description: Action for malformed P-Asserted-Identity header.
type: str
malformed-header-rack:
choices:
- pass
- discard
- respond
description: Action for malformed RAck header.
type: str
malformed-header-record-route:
choices:
- pass
- discard
- respond
description: Action for malformed Record-Route header.
type: str
malformed-header-route:
choices:
- pass
- discard
- respond
description: Action for malformed Route header.
type: str
malformed-header-rseq:
choices:
- pass
- discard
- respond
description: Action for malformed RSeq header.
type: str
malformed-header-sdp-a:
choices:
- pass
- discard
- respond
description: Action for malformed SDP a line.
type: str
malformed-header-sdp-b:
choices:
- pass
- discard
- respond
description: Action for malformed SDP b line.
type: str
malformed-header-sdp-c:
choices:
- pass
- discard
- respond
description: Action for malformed SDP c line.
type: str
malformed-header-sdp-i:
choices:
- pass
- discard
- respond
description: Action for malformed SDP i line.
type: str
malformed-header-sdp-k:
choices:
- pass
- discard
- respond
description: Action for malformed SDP k line.
type: str
malformed-header-sdp-m:
choices:
- pass
- discard
- respond
description: Action for malformed SDP m line.
type: str
malformed-header-sdp-o:
choices:
- pass
- discard
- respond
description: Action for malformed SDP o line.
type: str
malformed-header-sdp-r:
choices:
- pass
- discard
- respond
description: Action for malformed SDP r line.
type: str
malformed-header-sdp-s:
choices:
- pass
- discard
- respond
description: Action for malformed SDP s line.
type: str
malformed-header-sdp-t:
choices:
- pass
- discard
- respond
description: Action for malformed SDP t line.
type: str
malformed-header-sdp-v:
choices:
- pass
- discard
- respond
description: Action for malformed SDP v line.
type: str
malformed-header-sdp-z:
choices:
- pass
- discard
- respond
description: Action for malformed SDP z line.
type: str
malformed-header-to:
choices:
- pass
- discard
- respond
description: Action for malformed To header.
type: str
malformed-header-via:
choices:
- pass
- discard
- respond
description: Action for malformed VIA header.
type: str
malformed-request-line:
choices:
- pass
- discard
- respond
description: Action for malformed request line.
type: str
max-body-length:
description: Maximum SIP message body length
type: int
max-dialogs:
description: Maximum number of concurrent calls/dialogs
type: int
max-idle-dialogs:
description: Maximum number established but idle dialogs to retain
type: int
max-line-length:
description: Maximum SIP header line length
type: int
message-rate:
description: MESSAGE request rate limit
type: int
message-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
nat-port-range:
description: RTP NAT port range.
type: str
nat-trace:
choices:
- disable
- enable
description: Enable/disable preservation of original IP in SDP i line.
type: str
no-sdp-fixup:
choices:
- disable
- enable
description: Enable/disable no SDP fix-up.
type: str
notify-rate:
description: NOTIFY request rate limit
type: int
notify-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
open-contact-pinhole:
choices:
- disable
- enable
description: Enable/disable open pinhole for non-REGISTER Contact port.
type: str
open-record-route-pinhole:
choices:
- disable
- enable
description: Enable/disable open pinhole for Record-Route port.
type: str
open-register-pinhole:
choices:
- disable
- enable
description: Enable/disable open pinhole for REGISTER Contact port.
type: str
open-via-pinhole:
choices:
- disable
- enable
description: Enable/disable open pinhole for Via port.
type: str
options-rate:
description: OPTIONS request rate limit
type: int
options-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
prack-rate:
description: PRACK request rate limit
type: int
prack-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
preserve-override:
choices:
- disable
- enable
description: Override i line to preserve original IPS
type: str
provisional-invite-expiry-time:
description: Expiry time for provisional INVITE
type: int
publish-rate:
description: PUBLISH request rate limit
type: int
publish-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
refer-rate:
description: REFER request rate limit
type: int
refer-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
register-contact-trace:
choices:
- disable
- enable
description: Enable/disable trace original IP/port within the contact header of
REGISTER requests.
type: str
register-rate:
description: REGISTER request rate limit
type: int
register-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
rfc2543-branch:
choices:
- disable
- enable
description: Enable/disable support via branch compliant with RFC 2543.
type: str
rtp:
choices:
- disable
- enable
description: Enable/disable create pinholes for RTP traffic to traverse firewall.
type: str
ssl-algorithm:
choices:
- high
- medium
- low
description: Relative strength of encryption algorithms accepted in negotiation.
type: str
ssl-auth-client:
description: Require a client certificate and authenticate it with the peer/peergrp.
type: str
ssl-auth-server:
description: Authenticate the servers certificate with the peer/peergrp.
type: str
ssl-client-certificate:
description: Name of Certificate to offer to server if requested.
type: str
ssl-client-renegotiation:
choices:
- allow
- deny
- secure
description: Allow/block client renegotiation by server.
type: str
ssl-max-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Highest SSL/TLS version to negotiate.
type: str
ssl-min-version:
choices:
- ssl-3.0
- tls-1.0
- tls-1.1
- tls-1.2
- tls-1.3
description: Lowest SSL/TLS version to negotiate.
type: str
ssl-mode:
choices:
- 'off'
- full
description: SSL/TLS mode for encryption & decryption of traffic.
type: str
ssl-pfs:
choices:
- require
- deny
- allow
description: SSL Perfect Forward Secrecy.
type: str
ssl-send-empty-frags:
choices:
- disable
- enable
description: Send empty fragments to avoid attack on CBC IV
type: str
ssl-server-certificate:
description: Name of Certificate return to the client in every SSL connection.
type: str
status:
choices:
- disable
- enable
description: Enable/disable SIP.
type: str
strict-register:
choices:
- disable
- enable
description: Enable/disable only allow the registrar to connect.
type: str
subscribe-rate:
description: SUBSCRIBE request rate limit
type: int
subscribe-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
unknown-header:
choices:
- pass
- discard
- respond
description: Action for unknown SIP header.
type: str
update-rate:
description: UPDATE request rate limit
type: int
update-rate-track:
choices:
- none
- src-ip
- dest-ip
description: Track the packet protocol field.
type: str
type: dict
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
required: false
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
required: false
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
required: false
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
required: false
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list