Try SpotterConfigure GTP in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure GTP.
fortinet.fortios.fortios_firewall_gtp:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_gtp:
addr_notify: "<your_own_value>"
apn:
-
action: "allow"
apnmember:
-
name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)"
id: "8"
selection_mode: "ms"
apn_filter: "enable"
authorized_ggsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
authorized_ggsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
authorized_sgsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
authorized_sgsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
comment: "Comment."
context_id: "696"
control_plane_message_rate_limit: "0"
default_apn_action: "allow"
default_imsi_action: "allow"
default_ip_action: "allow"
default_noip_action: "allow"
default_policy_action: "allow"
denied_log: "enable"
echo_request_interval: "0"
extension_log: "enable"
forwarded_log: "enable"
global_tunnel_limit: "<your_own_value> (source gtp.tunnel-limit.name)"
gtp_in_gtp: "allow"
gtpu_denied_log: "enable"
gtpu_forwarded_log: "enable"
gtpu_log_freq: "0"
half_close_timeout: "10"
half_open_timeout: "300"
handover_group: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
handover_group6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ie_allow_list_v0v1: "<your_own_value> (source gtp.ie-allow-list.name)"
ie_allow_list_v2: "<your_own_value> (source gtp.ie-allow-list.name)"
ie_remove_policy:
-
id: "39"
remove_ies: "apn-restriction"
sgsn_addr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
sgsn_addr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ie_remover: "enable"
ie_validation:
apn_restriction: "enable"
charging_gateway_addr: "enable"
charging_ID: "enable"
end_user_addr: "enable"
gsn_addr: "enable"
imei: "enable"
imsi: "enable"
mm_context: "enable"
ms_tzone: "enable"
ms_validated: "enable"
msisdn: "enable"
nsapi: "enable"
pdp_context: "enable"
qos_profile: "enable"
rai: "enable"
rat_type: "enable"
reordering_required: "enable"
selection_mode: "enable"
uli: "enable"
ie_white_list_v0v1: "<your_own_value> (source gtp.ie-white-list.name)"
ie_white_list_v2: "<your_own_value> (source gtp.ie-white-list.name)"
imsi:
-
action: "allow"
apnmember:
-
name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)"
id: "70"
mcc_mnc: "<your_own_value>"
msisdn_prefix: "<your_own_value>"
selection_mode: "ms"
imsi_filter: "enable"
interface_notify: "<your_own_value> (source system.interface.name)"
invalid_reserved_field: "allow"
invalid_sgsns_to_log: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
invalid_sgsns6_to_log: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ip_filter: "enable"
ip_policy:
-
action: "allow"
dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
dstaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
id: "84"
srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
srcaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
log_freq: "0"
log_gtpu_limit: "0"
log_imsi_prefix: "<your_own_value>"
log_msisdn_prefix: "<your_own_value>"
max_message_length: "1452"
message_filter_v0v1: "<your_own_value> (source gtp.message-filter-v0v1.name)"
message_filter_v2: "<your_own_value> (source gtp.message-filter-v2.name)"
message_rate_limit:
create_aa_pdp_request: "0"
create_aa_pdp_response: "0"
create_mbms_request: "0"
create_mbms_response: "0"
create_pdp_request: "0"
create_pdp_response: "0"
delete_aa_pdp_request: "0"
delete_aa_pdp_response: "0"
delete_mbms_request: "0"
delete_mbms_response: "0"
delete_pdp_request: "0"
delete_pdp_response: "0"
echo_reponse: "0"
echo_request: "0"
error_indication: "0"
failure_report_request: "0"
failure_report_response: "0"
fwd_reloc_complete_ack: "0"
fwd_relocation_complete: "0"
fwd_relocation_request: "0"
fwd_relocation_response: "0"
fwd_srns_context: "0"
fwd_srns_context_ack: "0"
g_pdu: "0"
identification_request: "0"
identification_response: "0"
mbms_de_reg_request: "0"
mbms_de_reg_response: "0"
mbms_notify_rej_request: "0"
mbms_notify_rej_response: "0"
mbms_notify_request: "0"
mbms_notify_response: "0"
mbms_reg_request: "0"
mbms_reg_response: "0"
mbms_ses_start_request: "0"
mbms_ses_start_response: "0"
mbms_ses_stop_request: "0"
mbms_ses_stop_response: "0"
note_ms_request: "0"
note_ms_response: "0"
pdu_notify_rej_request: "0"
pdu_notify_rej_response: "0"
pdu_notify_request: "0"
pdu_notify_response: "0"
ran_info: "0"
relocation_cancel_request: "0"
relocation_cancel_response: "0"
send_route_request: "0"
send_route_response: "0"
sgsn_context_ack: "0"
sgsn_context_request: "0"
sgsn_context_response: "0"
support_ext_hdr_notify: "0"
update_mbms_request: "0"
update_mbms_response: "0"
update_pdp_request: "0"
update_pdp_response: "0"
version_not_support: "0"
message_rate_limit_v0:
create_pdp_request: "0"
delete_pdp_request: "0"
echo_request: "0"
message_rate_limit_v1:
create_pdp_request: "0"
delete_pdp_request: "0"
echo_request: "0"
message_rate_limit_v2:
create_session_request: "0"
delete_session_request: "0"
echo_request: "0"
min_message_length: "0"
miss_must_ie: "allow"
monitor_mode: "enable"
name: "default_name_168"
noip_filter: "enable"
noip_policy:
-
action: "allow"
end: "0"
id: "173"
start: "0"
type: "etsi"
out_of_state_ie: "allow"
out_of_state_message: "allow"
per_apn_shaper:
-
apn: "<your_own_value> (source gtp.apn.name)"
id: "180"
rate_limit: "0"
version: "1"
policy:
-
action: "allow"
apn_sel_mode: "ms"
apnmember:
-
name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)"
id: "188"
imei: "<your_own_value>"
imsi: "<your_own_value>"
imsi_prefix: "<your_own_value>"
max_apn_restriction: "all"
messages: "create-req"
msisdn: "<your_own_value>"
msisdn_prefix: "<your_own_value>"
rai: "<your_own_value>"
rat_type: "any"
uli: "<your_own_value>"
policy_filter: "enable"
policy_v2:
-
action: "allow"
apn_sel_mode: "ms"
apnmember:
-
name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)"
id: "205"
imsi_prefix: "<your_own_value>"
max_apn_restriction: "all"
mei: "<your_own_value>"
messages: "create-ses-req"
msisdn_prefix: "<your_own_value>"
rat_type: "any"
uli: "<your_own_value>"
port_notify: "21123"
rat_timeout_profile: "<your_own_value> (source gtp.rat-timeout-profile.name)"
rate_limit_mode: "per-profile"
rate_limited_log: "enable"
rate_sampling_interval: "1"
remove_if_echo_expires: "enable"
remove_if_recovery_differ: "enable"
reserved_ie: "allow"
send_delete_when_timeout: "enable"
send_delete_when_timeout_v2: "enable"
spoof_src_addr: "allow"
state_invalid_log: "enable"
sub_second_interval: "0.5"
sub_second_sampling: "enable"
traffic_count_log: "enable"
tunnel_limit: "0"
tunnel_limit_log: "enable"
tunnel_timeout: "86400"
unknown_version_action: "allow"
user_plane_message_rate_limit: "0"
warning_threshold: "0"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
firewall_gtp:
default: null
description:
- Configure GTP.
suboptions:
addr_notify:
description:
- overbilling notify address
type: str
apn:
description:
- APN.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
apnmember:
description:
- APN member.
elements: dict
suboptions:
name:
description:
- APN name. Source gtp.apn.name gtp.apngrp.name.
required: true
type: str
type: list
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
selection_mode:
choices:
- ms
- net
- vrf
description:
- APN selection mode.
elements: str
type: list
type: list
apn_filter:
choices:
- enable
- disable
description:
- apn filter
type: str
authorized_ggsns:
description:
- Authorized GGSN/PGW group. Source firewall.address.name firewall.addrgrp.name.
type: str
authorized_ggsns6:
description:
- Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
type: str
authorized_sgsns:
description:
- Authorized SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name.
type: str
authorized_sgsns6:
description:
- Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
type: str
comment:
description:
- Comment.
type: str
context_id:
description:
- Overbilling context.
type: int
control_plane_message_rate_limit:
description:
- control plane message rate limit
type: int
default_apn_action:
choices:
- allow
- deny
description:
- default apn action
type: str
default_imsi_action:
choices:
- allow
- deny
description:
- default imsi action
type: str
default_ip_action:
choices:
- allow
- deny
description:
- default action for encapsulated IP traffic
type: str
default_noip_action:
choices:
- allow
- deny
description:
- default action for encapsulated non-IP traffic
type: str
default_policy_action:
choices:
- allow
- deny
description:
- default advanced policy action
type: str
denied_log:
choices:
- enable
- disable
description:
- log denied
type: str
echo_request_interval:
description:
- echo request interval (in seconds)
type: int
extension_log:
choices:
- enable
- disable
description:
- log in extension format
type: str
forwarded_log:
choices:
- enable
- disable
description:
- log forwarded
type: str
global_tunnel_limit:
description:
- Global tunnel limit. Source gtp.tunnel-limit.name.
type: str
gtp_in_gtp:
choices:
- allow
- deny
description:
- gtp in gtp
type: str
gtpu_denied_log:
choices:
- enable
- disable
description:
- Enable/disable logging of denied GTP-U packets.
type: str
gtpu_forwarded_log:
choices:
- enable
- disable
description:
- Enable/disable logging of forwarded GTP-U packets.
type: str
gtpu_log_freq:
description:
- Logging of frequency of GTP-U packets.
type: int
half_close_timeout:
description:
- Half-close tunnel timeout (in seconds).
type: int
half_open_timeout:
description:
- Half-open tunnel timeout (in seconds).
type: int
handover_group:
description:
- Handover SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name.
type: str
handover_group6:
description:
- Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name.
type: str
ie_allow_list_v0v1:
description:
- IE allow list. Source gtp.ie-allow-list.name.
type: str
ie_allow_list_v2:
description:
- IE allow list. Source gtp.ie-allow-list.name.
type: str
ie_remove_policy:
description:
- IE remove policy.
elements: dict
suboptions:
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
remove_ies:
choices:
- apn-restriction
- rat-type
- rai
- uli
- imei
description:
- GTP IEs to be removed.
elements: str
type: list
sgsn_addr:
description:
- SGSN address name. Source firewall.address.name firewall.addrgrp.name.
type: str
sgsn_addr6:
description:
- SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
type: str
type: list
ie_remover:
choices:
- enable
- disable
description:
- IE removal policy.
type: str
ie_validation:
description:
- IE validation.
suboptions:
apn_restriction:
choices:
- enable
- disable
description:
- Validate APN restriction.
type: str
charging_ID:
choices:
- enable
- disable
description:
- Validate charging ID.
type: str
charging_gateway_addr:
choices:
- enable
- disable
description:
- Validate charging gateway address.
type: str
end_user_addr:
choices:
- enable
- disable
description:
- Validate end user address.
type: str
gsn_addr:
choices:
- enable
- disable
description:
- Validate GSN address.
type: str
imei:
choices:
- enable
- disable
description:
- Validate IMEI(SV).
type: str
imsi:
choices:
- enable
- disable
description:
- Validate IMSI.
type: str
mm_context:
choices:
- enable
- disable
description:
- Validate MM context.
type: str
ms_tzone:
choices:
- enable
- disable
description:
- Validate MS time zone.
type: str
ms_validated:
choices:
- enable
- disable
description:
- Validate MS validated.
type: str
msisdn:
choices:
- enable
- disable
description:
- Validate MSISDN.
type: str
nsapi:
choices:
- enable
- disable
description:
- Validate NSAPI.
type: str
pdp_context:
choices:
- enable
- disable
description:
- Validate PDP context.
type: str
qos_profile:
choices:
- enable
- disable
description:
- Validate Quality of Service(QoS) profile.
type: str
rai:
choices:
- enable
- disable
description:
- Validate RAI.
type: str
rat_type:
choices:
- enable
- disable
description:
- Validate RAT type.
type: str
reordering_required:
choices:
- enable
- disable
description:
- Validate re-ordering required.
type: str
selection_mode:
choices:
- enable
- disable
description:
- Validate selection mode.
type: str
uli:
choices:
- enable
- disable
description:
- Validate user location information.
type: str
type: dict
ie_white_list_v0v1:
description:
- IE white list. Source gtp.ie-white-list.name.
type: str
ie_white_list_v2:
description:
- IE white list. Source gtp.ie-white-list.name.
type: str
imsi:
description:
- IMSI.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
apnmember:
description:
- APN member.
elements: dict
suboptions:
name:
description:
- APN name. Source gtp.apn.name gtp.apngrp.name.
required: true
type: str
type: list
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
mcc_mnc:
description:
- MCC MNC.
type: str
msisdn_prefix:
description:
- MSISDN prefix.
type: str
selection_mode:
choices:
- ms
- net
- vrf
description:
- APN selection mode.
elements: str
type: list
type: list
imsi_filter:
choices:
- enable
- disable
description:
- imsi filter
type: str
interface_notify:
description:
- overbilling interface Source system.interface.name.
type: str
invalid_reserved_field:
choices:
- allow
- deny
description:
- Invalid reserved field in GTP header
type: str
invalid_sgsns6_to_log:
description:
- Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name.
type: str
invalid_sgsns_to_log:
description:
- Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name.
type: str
ip_filter:
choices:
- enable
- disable
description:
- IP filter for encapsulted traffic
type: str
ip_policy:
description:
- IP policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
dstaddr:
description:
- Destination address name. Source firewall.address.name firewall.addrgrp.name.
type: str
dstaddr6:
description:
- Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
type: str
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
srcaddr:
description:
- Source address name. Source firewall.address.name firewall.addrgrp.name.
type: str
srcaddr6:
description:
- Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name.
type: str
type: list
log_freq:
description:
- Logging of frequency of GTP-C packets.
type: int
log_gtpu_limit:
description:
- the user data log limit (0-512 bytes)
type: int
log_imsi_prefix:
description:
- IMSI prefix for selective logging.
type: str
log_msisdn_prefix:
description:
- the msisdn prefix for selective logging
type: str
max_message_length:
description:
- max message length
type: int
message_filter_v0v1:
description:
- Message filter. Source gtp.message-filter-v0v1.name.
type: str
message_filter_v2:
description:
- Message filter. Source gtp.message-filter-v2.name.
type: str
message_rate_limit:
description:
- Message rate limiting.
suboptions:
create_aa_pdp_request:
description:
- Rate limit for create AA PDP context request (packets per second).
type: int
create_aa_pdp_response:
description:
- Rate limit for create AA PDP context response (packets per second).
type: int
create_mbms_request:
description:
- Rate limit for create MBMS context request (packets per second).
type: int
create_mbms_response:
description:
- Rate limit for create MBMS context response (packets per second).
type: int
create_pdp_request:
description:
- Rate limit for create PDP context request (packets per second).
type: int
create_pdp_response:
description:
- Rate limit for create PDP context response (packets per second).
type: int
delete_aa_pdp_request:
description:
- Rate limit for delete AA PDP context request (packets per second).
type: int
delete_aa_pdp_response:
description:
- Rate limit for delete AA PDP context response (packets per second).
type: int
delete_mbms_request:
description:
- Rate limit for delete MBMS context request (packets per second).
type: int
delete_mbms_response:
description:
- Rate limit for delete MBMS context response (packets per second).
type: int
delete_pdp_request:
description:
- Rate limit for delete PDP context request (packets per second).
type: int
delete_pdp_response:
description:
- Rate limit for delete PDP context response (packets per second).
type: int
echo_reponse:
description:
- Rate limit for echo response (packets per second).
type: int
echo_request:
description:
- Rate limit for echo requests (packets per second).
type: int
error_indication:
description:
- Rate limit for error indication (packets per second).
type: int
failure_report_request:
description:
- Rate limit for failure report request (packets per second).
type: int
failure_report_response:
description:
- Rate limit for failure report response (packets per second).
type: int
fwd_reloc_complete_ack:
description:
- Rate limit for forward relocation complete acknowledge (packets per second).
type: int
fwd_relocation_complete:
description:
- Rate limit for forward relocation complete (packets per second).
type: int
fwd_relocation_request:
description:
- Rate limit for forward relocation request (packets per second).
type: int
fwd_relocation_response:
description:
- Rate limit for forward relocation response (packets per second).
type: int
fwd_srns_context:
description:
- Rate limit for forward SRNS context (packets per second).
type: int
fwd_srns_context_ack:
description:
- Rate limit for forward SRNS context acknowledge (packets per second).
type: int
g_pdu:
description:
- Rate limit for G-PDU (packets per second).
type: int
identification_request:
description:
- Rate limit for identification request (packets per second).
type: int
identification_response:
description:
- Rate limit for identification response (packets per second).
type: int
mbms_de_reg_request:
description:
- Rate limit for MBMS de-registration request (packets per second).
type: int
mbms_de_reg_response:
description:
- Rate limit for MBMS de-registration response (packets per second).
type: int
mbms_notify_rej_request:
description:
- Rate limit for MBMS notification reject request (packets per second).
type: int
mbms_notify_rej_response:
description:
- Rate limit for MBMS notification reject response (packets per second).
type: int
mbms_notify_request:
description:
- Rate limit for MBMS notification request (packets per second).
type: int
mbms_notify_response:
description:
- Rate limit for MBMS notification response (packets per second).
type: int
mbms_reg_request:
description:
- Rate limit for MBMS registration request (packets per second).
type: int
mbms_reg_response:
description:
- Rate limit for MBMS registration response (packets per second).
type: int
mbms_ses_start_request:
description:
- Rate limit for MBMS session start request (packets per second).
type: int
mbms_ses_start_response:
description:
- Rate limit for MBMS session start response (packets per second).
type: int
mbms_ses_stop_request:
description:
- Rate limit for MBMS session stop request (packets per second).
type: int
mbms_ses_stop_response:
description:
- Rate limit for MBMS session stop response (packets per second).
type: int
note_ms_request:
description:
- Rate limit for note MS GPRS present request (packets per second).
type: int
note_ms_response:
description:
- Rate limit for note MS GPRS present response (packets per second).
type: int
pdu_notify_rej_request:
description:
- Rate limit for PDU notify reject request (packets per second).
type: int
pdu_notify_rej_response:
description:
- Rate limit for PDU notify reject response (packets per second).
type: int
pdu_notify_request:
description:
- Rate limit for PDU notify request (packets per second).
type: int
pdu_notify_response:
description:
- Rate limit for PDU notify response (packets per second).
type: int
ran_info:
description:
- Rate limit for RAN information relay (packets per second).
type: int
relocation_cancel_request:
description:
- Rate limit for relocation cancel request (packets per second).
type: int
relocation_cancel_response:
description:
- Rate limit for relocation cancel response (packets per second).
type: int
send_route_request:
description:
- Rate limit for send routing information for GPRS request (packets per second).
type: int
send_route_response:
description:
- Rate limit for send routing information for GPRS response (packets per second).
type: int
sgsn_context_ack:
description:
- Rate limit for SGSN context acknowledgement (packets per second).
type: int
sgsn_context_request:
description:
- Rate limit for SGSN context request (packets per second).
type: int
sgsn_context_response:
description:
- Rate limit for SGSN context response (packets per second).
type: int
support_ext_hdr_notify:
description:
- Rate limit for support extension headers notification (packets per second).
type: int
update_mbms_request:
description:
- Rate limit for update MBMS context request (packets per second).
type: int
update_mbms_response:
description:
- Rate limit for update MBMS context response (packets per second).
type: int
update_pdp_request:
description:
- Rate limit for update PDP context request (packets per second).
type: int
update_pdp_response:
description:
- Rate limit for update PDP context response (packets per second).
type: int
version_not_support:
description:
- Rate limit for version not supported (packets per second).
type: int
type: dict
message_rate_limit_v0:
description:
- Message rate limiting for GTP version 0.
suboptions:
create_pdp_request:
description:
- Rate limit (packets/s) for create PDP context request.
type: int
delete_pdp_request:
description:
- Rate limit (packets/s) for delete PDP context request.
type: int
echo_request:
description:
- Rate limit (packets/s) for echo request.
type: int
type: dict
message_rate_limit_v1:
description:
- Message rate limiting for GTP version 1.
suboptions:
create_pdp_request:
description:
- Rate limit (packets/s) for create PDP context request.
type: int
delete_pdp_request:
description:
- Rate limit (packets/s) for delete PDP context request.
type: int
echo_request:
description:
- Rate limit (packets/s) for echo request.
type: int
type: dict
message_rate_limit_v2:
description:
- Message rate limiting for GTP version 2.
suboptions:
create_session_request:
description:
- Rate limit (packets/s) for create session request.
type: int
delete_session_request:
description:
- Rate limit (packets/s) for delete session request.
type: int
echo_request:
description:
- Rate limit (packets/s) for echo request.
type: int
type: dict
min_message_length:
description:
- min message length
type: int
miss_must_ie:
choices:
- allow
- deny
description:
- Missing mandatory information element
type: str
monitor_mode:
choices:
- enable
- disable
- vdom
description:
- GTP monitor mode.
type: str
name:
description:
- Profile name.
required: true
type: str
noip_filter:
choices:
- enable
- disable
description:
- non-IP filter for encapsulted traffic
type: str
noip_policy:
description:
- No IP policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
end:
description:
- End of protocol range (0 - 255).
type: int
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
start:
description:
- Start of protocol range (0 - 255).
type: int
type:
choices:
- etsi
- ietf
description:
- Protocol field type.
type: str
type: list
out_of_state_ie:
choices:
- allow
- deny
description:
- Out of state information element.
type: str
out_of_state_message:
choices:
- allow
- deny
description:
- Out of state GTP message
type: str
per_apn_shaper:
description:
- Per APN shaper.
elements: dict
suboptions:
apn:
description:
- APN name. Source gtp.apn.name.
type: str
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
rate_limit:
description:
- Rate limit (packets/s) for create PDP context request.
type: int
version:
description:
- 'GTP version number: 0 or 1.'
type: int
type: list
policy:
description:
- Policy.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
apn_sel_mode:
choices:
- ms
- net
- vrf
description:
- APN selection mode.
elements: str
type: list
apnmember:
description:
- APN member.
elements: dict
suboptions:
name:
description:
- APN name. Source gtp.apn.name gtp.apngrp.name.
required: true
type: str
type: list
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
imei:
description:
- IMEI pattern.
type: str
imsi:
description:
- IMSI prefix.
type: str
imsi_prefix:
description:
- IMSI prefix.
type: str
max_apn_restriction:
choices:
- all
- public-1
- public-2
- private-1
- private-2
description:
- Maximum APN restriction value.
type: str
messages:
choices:
- create-req
- create-res
- update-req
- update-res
description:
- GTP messages.
elements: str
type: list
msisdn:
description:
- MSISDN prefix.
type: str
msisdn_prefix:
description:
- MSISDN prefix.
type: str
rai:
description:
- RAI pattern.
type: str
rat_type:
choices:
- any
- utran
- geran
- wlan
- gan
- hspa
- eutran
- virtual
- nbiot
description:
- RAT Type.
elements: str
type: list
uli:
description:
- ULI pattern.
type: str
type: list
policy_filter:
choices:
- enable
- disable
description:
- Advanced policy filter
type: str
policy_v2:
description:
- Apply allow or deny action to each GTPv2-c packet.
elements: dict
suboptions:
action:
choices:
- allow
- deny
description:
- Action.
type: str
apn_sel_mode:
choices:
- ms
- net
- vrf
description:
- APN selection mode.
elements: str
type: list
apnmember:
description:
- APN member.
elements: dict
suboptions:
name:
description:
- APN name. Source gtp.apn.name gtp.apngrp.name.
required: true
type: str
type: list
id:
description:
- ID. see <a href='#notes'>Notes</a>.
required: true
type: int
imsi_prefix:
description:
- IMSI prefix.
type: str
max_apn_restriction:
choices:
- all
- public-1
- public-2
- private-1
- private-2
description:
- Maximum APN restriction value.
type: str
mei:
description:
- MEI pattern.
type: str
messages:
choices:
- create-ses-req
- create-ses-res
- modify-bearer-req
- modify-bearer-res
description:
- GTP messages.
elements: str
type: list
msisdn_prefix:
description:
- MSISDN prefix.
type: str
rat_type:
choices:
- any
- utran
- geran
- wlan
- gan
- hspa
- eutran
- virtual
- nbiot
- ltem
- nr
description:
- RAT Type.
elements: str
type: list
uli:
description:
- GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI).
elements: str
type: list
type: list
port_notify:
description:
- overbilling notify port
type: int
rat_timeout_profile:
description:
- RAT timeout profile. Source gtp.rat-timeout-profile.name.
type: str
rate_limit_mode:
choices:
- per-profile
- per-stream
- per-apn
description:
- GTP rate limit mode.
type: str
rate_limited_log:
choices:
- enable
- disable
description:
- log rate limited
type: str
rate_sampling_interval:
description:
- rate sampling interval (1-3600 seconds)
type: int
remove_if_echo_expires:
choices:
- enable
- disable
description:
- remove if echo response expires
type: str
remove_if_recovery_differ:
choices:
- enable
- disable
description:
- remove upon different Recovery IE
type: str
reserved_ie:
choices:
- allow
- deny
description:
- reserved information element
type: str
send_delete_when_timeout:
choices:
- enable
- disable
description:
- send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.
type: str
send_delete_when_timeout_v2:
choices:
- enable
- disable
description:
- send DELETE request to path endpoints when GTPv2 tunnel timeout.
type: str
spoof_src_addr:
choices:
- allow
- deny
description:
- Spoofed source address for Mobile Station.
type: str
state_invalid_log:
choices:
- enable
- disable
description:
- log state invalid
type: str
sub_second_interval:
choices:
- '0.5'
- '0.25'
- '0.1'
description:
- Sub-second interval (0.1, 0.25, or 0.5 sec).
type: str
sub_second_sampling:
choices:
- enable
- disable
description:
- Enable/disable sub-second sampling.
type: str
traffic_count_log:
choices:
- enable
- disable
description:
- log tunnel traffic counter
type: str
tunnel_limit:
description:
- tunnel limit
type: int
tunnel_limit_log:
choices:
- enable
- disable
description:
- tunnel limit
type: str
tunnel_timeout:
description:
- Established tunnel timeout (in seconds).
type: int
unknown_version_action:
choices:
- allow
- deny
description:
- action for unknown gtp version
type: str
user_plane_message_rate_limit:
description:
- user plane message rate limit
type: int
warning_threshold:
description:
- Warning threshold for rate limiting (0 - 99 percent).
type: int
type: dict
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str