fortinet.fortios.fortios_gtp_message_filter_v0v1 (2.3.6) — module

Message filter for GTPv0/v1 messages in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the message_filter_v0v1 category of the gtp feature. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

- name: Message filter for GTPv0/v1 messages.
  fortinet.fortios.fortios_gtp_message_filter_v0v1:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      gtp_message_filter_v0v1:
          create_mbms: "allow"
          create_pdp: "allow"
          data_record: "allow"
          delete_aa_pdp: "allow"
          delete_mbms: "allow"
          delete_pdp: "allow"
          echo: "allow"
          end_marker: "allow"
          error_indication: "allow"
          failure_report: "allow"
          fwd_relocation: "allow"
          fwd_srns_context: "allow"
          gtp_pdu: "allow"
          identification: "allow"
          mbms_de_registration: "allow"
          mbms_notification: "allow"
          mbms_registration: "allow"
          mbms_session_start: "allow"
          mbms_session_stop: "allow"
          mbms_session_update: "allow"
          ms_info_change_notif: "allow"
          name: "default_name_24"
          node_alive: "allow"
          note_ms_present: "allow"
          pdu_notification: "allow"
          ran_info: "allow"
          redirection: "allow"
          relocation_cancel: "allow"
          send_route: "allow"
          sgsn_context: "allow"
          support_extension: "allow"
          ue_registration_query: "allow"
          unknown_message: "allow"
          unknown_message_white_list:
              -
                  id: "37"
          update_mbms: "allow"
          update_pdp: "allow"
          v0_create_aa_pdp__v1_init_pdp_ctx: "allow"
          version_not_support: "allow"
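
The example above sets every message type, including unknown_message, to allow. For contrast, the following added example (not part of the collection's documentation) builds a restrictive profile from the same options. The inventory group, profile name, vault variable, whitelist ID and the choice of which messages a site needs are assumptions. Options left out of the task are not set by it.

```yaml
# Added example. Names and values marked "constructed" are placeholders.
- hosts: fortigates                       # constructed inventory group
  connection: httpapi
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true  # verify the FortiGate certificate
    ansible_httpapi_port: 443
    vdom: root
  tasks:
    - name: Restrictive message filter for GTPv0/v1 messages
      fortinet.fortios.fortios_gtp_message_filter_v0v1:
        vdom: "{{ vdom }}"
        state: present
        # Keep the API token out of the playbook, e.g. in an Ansible Vault
        # file (variable name is constructed).
        access_token: "{{ vault_fortios_access_token }}"
        gtp_message_filter_v0v1:
          name: "gtp-v0v1-restrictive"    # constructed profile name
          # Messages this (assumed) deployment needs: path management,
          # PDP context handling and the user plane.
          echo: allow                     # req 1, resp 2
          create_pdp: allow               # req 16, resp 17
          update_pdp: allow               # req 18, resp 19
          delete_pdp: allow               # req 20, resp 21
          gtp_pdu: allow                  # 255
          error_indication: allow         # 26
          version_not_support: allow      # 3
          # GTPv0 AA PDP context messages. Types 22/23 are shared with
          # GTPv1 initiate PDP context, so that is denied as well.
          v0_create_aa_pdp__v1_init_pdp_ctx: deny
          delete_aa_pdp: deny             # req 24, resp 25
          # Data record transfer, assumed not to cross this firewall.
          data_record: deny               # req 240, resp 241
          # Message types without a named option are denied ...
          unknown_message: deny
          # ... apart from the IDs on the white list. 200 is a constructed
          # ID that matches none of the named message types on this page.
          unknown_message_white_list:
            - id: 200
```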

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from GUI of Fortigate.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

gtp_message_filter_v0v1:
    default: null
    description:
    - Message filter for GTPv0/v1 messages.
    suboptions:
      create_mbms:
        choices:
        - allow
        - deny
        description:
        - GTPv1 create MBMS context (req 100, resp 101).
        type: str
      create_pdp:
        choices:
        - allow
        - deny
        description:
        - Create PDP context (req 16, resp 17).
        type: str
      data_record:
        choices:
        - allow
        - deny
        description:
        - Data record transfer (req 240, resp 241).
        type: str
      delete_aa_pdp:
        choices:
        - allow
        - deny
        description:
        - GTPv0 delete AA PDP context (req 24, resp 25).
        type: str
      delete_mbms:
        choices:
        - allow
        - deny
        description:
        - GTPv1 delete MBMS context (req 104, resp 105).
        type: str
      delete_pdp:
        choices:
        - allow
        - deny
        description:
        - Delete PDP context (req 20, resp 21).
        type: str
      echo:
        choices:
        - allow
        - deny
        description:
        - Echo (req 1, resp 2).
        type: str
      end_marker:
        choices:
        - allow
        - deny
        description:
        - GTPv1 End marker (254).
        type: str
      error_indication:
        choices:
        - allow
        - deny
        description:
        - Error indication (26).
        type: str
      failure_report:
        choices:
        - allow
        - deny
        description:
        - Failure report (req 34, resp 35).
        type: str
      fwd_relocation:
        choices:
        - allow
        - deny
        description:
        - GTPv1 forward relocation (req 53, resp 54, complete 55, complete ack 59).
        type: str
      fwd_srns_context:
        choices:
        - allow
        - deny
        description:
        - GTPv1 forward SRNS (context 58, context ack 60).
        type: str
      gtp_pdu:
        choices:
        - allow
        - deny
        description:
        - PDU (255).
        type: str
      identification:
        choices:
        - allow
        - deny
        description:
        - Identification (req 48, resp 49).
        type: str
      mbms_de_registration:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS de-registration (req 114, resp 115).
        type: str
      mbms_notification:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS notification (req 96, resp 97, reject req 98, reject resp 99).
        type: str
      mbms_registration:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS registration (req 112, resp 113).
        type: str
      mbms_session_start:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS session start (req 116, resp 117).
        type: str
      mbms_session_stop:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS session stop (req 118, resp 119).
        type: str
      mbms_session_update:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MBMS session update (req 120, resp 121).
        type: str
      ms_info_change_notif:
        choices:
        - allow
        - deny
        description:
        - GTPv1 MS info change notification (req 128, resp 129).
        type: str
      name:
        description:
        - Message filter name.
        required: true
        type: str
      node_alive:
        choices:
        - allow
        - deny
        description:
        - Node alive (req 4, resp 5).
        type: str
      note_ms_present:
        choices:
        - allow
        - deny
        description:
        - Note MS GPRS present (req 36, resp 37).
        type: str
      pdu_notification:
        choices:
        - allow
        - deny
        description:
        - PDU notification (req 27, resp 28, reject req 29, reject resp 30).
        type: str
      ran_info:
        choices:
        - allow
        - deny
        description:
        - GTPv1 RAN information relay (70).
        type: str
      redirection:
        choices:
        - allow
        - deny
        description:
        - Redirection (req 6, resp 7).
        type: str
      relocation_cancel:
        choices:
        - allow
        - deny
        description:
        - GTPv1 relocation cancel (req 56, resp 57).
        type: str
      send_route:
        choices:
        - allow
        - deny
        description:
        - Send routing information for GPRS (req 32, resp 33).
        type: str
      sgsn_context:
        choices:
        - allow
        - deny
        description:
        - SGSN context (req 50, resp 51, ack 52).
        type: str
      support_extension:
        choices:
        - allow
        - deny
        description:
        - GTPv1 supported extension headers notify (31).
        type: str
      ue_registration_query:
        choices:
        - allow
        - deny
        description:
        - UE Registration Query (req 61, resp ack 62).
        type: str
      unknown_message:
        choices:
        - allow
        - deny
        description:
        - Allow or Deny unknown messages.
        type: str
      unknown_message_white_list:
        description:
        - White list (to allow) of unknown messages.
        elements: dict
        suboptions:
          id:
            description:
            - Message IDs. See Notes.
            required: true
            type: int
        type: list
      update_mbms:
        choices:
        - allow
        - deny
        description:
        - GTPv1 update MBMS context (req 102, resp 103).
        type: str
      update_pdp:
        choices:
        - allow
        - deny
        description:
        - Update PDP context (req 18, resp 19).
        type: str
      v0_create_aa_pdp__v1_init_pdp_ctx:
        choices:
        - allow
        - deny
        description:
        - GTPv0 create AA PDP context (req 22, resp 23); Or GTPv1 initiate PDP context
          (req 22, resp 23).
        type: str
      version_not_support:
        choices:
        - allow
        - deny
        description:
        - Version not supported (3).
        type: str
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str