Try SpotterMessage filter for GTPv2 messages in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
- name: fortinet.fortios
version: 2.3.6This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and message_filter_v2 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Message filter for GTPv2 messages.
fortinet.fortios.fortios_gtp_message_filter_v2:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
gtp_message_filter_v2:
alert_mme_notif_ack: "allow"
bearer_resource_cmd_fail: "allow"
change_notification: "allow"
configuration_transfer_tunnel: "allow"
context_req_res_ack: "allow"
create_bearer: "allow"
create_forwarding_tunnel_req_resp: "allow"
create_indirect_forwarding_tunnel_req_resp: "allow"
create_session: "allow"
cs_paging: "allow"
delete_bearer_cmd_fail: "allow"
delete_bearer_req_resp: "allow"
delete_indirect_forwarding_tunnel_req_resp: "allow"
delete_pdn_connection_set: "allow"
delete_session: "allow"
detach_notif_ack: "allow"
dlink_data_notif_ack: "allow"
dlink_notif_failure: "allow"
echo: "allow"
forward_access_notif_ack: "allow"
forward_relocation_cmp_notif_ack: "allow"
forward_relocation_req_res: "allow"
identification_req_resp: "allow"
isr_status: "allow"
mbms_session_start_req_resp: "allow"
mbms_session_stop_req_resp: "allow"
mbms_session_update_req_resp: "allow"
modify_access_req_resp: "allow"
modify_bearer_cmd_fail: "allow"
modify_bearer_req_resp: "allow"
name: "default_name_33"
pgw_dlink_notif_ack: "allow"
pgw_restart_notif_ack: "allow"
ran_info_relay: "allow"
release_access_bearer_req_resp: "allow"
relocation_cancel_req_resp: "allow"
remote_ue_report_notif_ack: "allow"
reserved_for_earlier_version: "allow"
resume: "allow"
stop_paging_indication: "allow"
suspend: "allow"
trace_session: "allow"
ue_activity_notif_ack: "allow"
ue_registration_query_req_resp: "allow"
unknown_message: "allow"
unknown_message_white_list:
-
id: "49"
update_bearer: "allow"
update_pdn_connection_set: "allow"
version_not_support: "allow"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
gtp_message_filter_v2:
default: null
description:
- Message filter for GTPv2 messages.
suboptions:
alert_mme_notif_ack:
choices:
- allow
- deny
description:
- Alert MME notification/acknowledge (notif 153, ack 154).
type: str
bearer_resource_cmd_fail:
choices:
- allow
- deny
description:
- Bearer resource (command 68, failure indication 69).
type: str
change_notification:
choices:
- allow
- deny
description:
- Change notification (req 38, resp 39).
type: str
configuration_transfer_tunnel:
choices:
- allow
- deny
description:
- Configuration transfer tunnel (141).
type: str
context_req_res_ack:
choices:
- allow
- deny
description:
- Context request/response/acknowledge (req 130, resp 131, ack 132).
type: str
create_bearer:
choices:
- allow
- deny
description:
- Create bearer (req 95, resp 96).
type: str
create_forwarding_tunnel_req_resp:
choices:
- allow
- deny
description:
- Create forwarding tunnel request/response (req 160, resp 161).
type: str
create_indirect_forwarding_tunnel_req_resp:
choices:
- allow
- deny
description:
- Create indirect data forwarding tunnel request/response (req 166, resp 167).
type: str
create_session:
choices:
- allow
- deny
description:
- Create session (req 32, resp 33).
type: str
cs_paging:
choices:
- allow
- deny
description:
- CS paging indication (151)
type: str
delete_bearer_cmd_fail:
choices:
- allow
- deny
description:
- Delete bearer (command 66, failure indication 67).
type: str
delete_bearer_req_resp:
choices:
- allow
- deny
description:
- Delete bearer (req 99, resp 100).
type: str
delete_indirect_forwarding_tunnel_req_resp:
choices:
- allow
- deny
description:
- Delete indirect data forwarding tunnel request/response (req 168, resp 169).
type: str
delete_pdn_connection_set:
choices:
- allow
- deny
description:
- Delete PDN connection set (req 101, resp 102).
type: str
delete_session:
choices:
- allow
- deny
description:
- Delete session (req 36, resp 37).
type: str
detach_notif_ack:
choices:
- allow
- deny
description:
- Detach notification/acknowledge (notif 149, ack 150).
type: str
dlink_data_notif_ack:
choices:
- allow
- deny
description:
- Downlink data notification/acknowledge (notif 176, ack 177).
type: str
dlink_notif_failure:
choices:
- allow
- deny
description:
- Downlink data notification failure indication (70).
type: str
echo:
choices:
- allow
- deny
description:
- Echo (req 1, resp 2).
type: str
forward_access_notif_ack:
choices:
- allow
- deny
description:
- Forward access context notification/acknowledge (notif 137, ack 138).
type: str
forward_relocation_cmp_notif_ack:
choices:
- allow
- deny
description:
- Forward relocation complete notification/acknowledge (notif 135, ack 136).
type: str
forward_relocation_req_res:
choices:
- allow
- deny
description:
- Forward relocation request/response (req 133, resp 134).
type: str
identification_req_resp:
choices:
- allow
- deny
description:
- Identification request/response (req 128, resp 129).
type: str
isr_status:
choices:
- allow
- deny
description:
- ISR status indication (157).
type: str
mbms_session_start_req_resp:
choices:
- allow
- deny
description:
- MBMS session start request/response (req 231, resp 232).
type: str
mbms_session_stop_req_resp:
choices:
- allow
- deny
description:
- MBMS session stop request/response (req 235, resp 236).
type: str
mbms_session_update_req_resp:
choices:
- allow
- deny
description:
- MBMS session update request/response (req 233, resp 234).
type: str
modify_access_req_resp:
choices:
- allow
- deny
description:
- Modify access bearers request/response (req 211, resp 212).
type: str
modify_bearer_cmd_fail:
choices:
- allow
- deny
description:
- Modify bearer (command 64 , failure indication 65).
type: str
modify_bearer_req_resp:
choices:
- allow
- deny
description:
- Modify bearer (req 34, resp 35).
type: str
name:
description:
- Message filter name.
required: true
type: str
pgw_dlink_notif_ack:
choices:
- allow
- deny
description:
- PGW downlink triggering notification/acknowledge (notif 103, ack 104).
type: str
pgw_restart_notif_ack:
choices:
- allow
- deny
description:
- PGW restart notification/acknowledge (notif 179, ack 180).
type: str
ran_info_relay:
choices:
- allow
- deny
description:
- RAN information relay (152).
type: str
release_access_bearer_req_resp:
choices:
- allow
- deny
description:
- Release access bearers request/response (req 170, resp 171).
type: str
relocation_cancel_req_resp:
choices:
- allow
- deny
description:
- Relocation cancel request/response (req 139, resp 140).
type: str
remote_ue_report_notif_ack:
choices:
- allow
- deny
description:
- Remote UE report notification/acknowledge (notif 40, ack 41).
type: str
reserved_for_earlier_version:
choices:
- allow
- deny
description:
- Reserved for earlier version of the GTP specification (178).
type: str
resume:
choices:
- allow
- deny
description:
- Resume (notify 164 , ack 165).
type: str
stop_paging_indication:
choices:
- allow
- deny
description:
- Stop Paging Indication (73).
type: str
suspend:
choices:
- allow
- deny
description:
- Suspend (notify 162, ack 163).
type: str
trace_session:
choices:
- allow
- deny
description:
- Trace session (activation 71, deactivation 72).
type: str
ue_activity_notif_ack:
choices:
- allow
- deny
description:
- UE activity notification/acknowledge (notif 155, ack 156).
type: str
ue_registration_query_req_resp:
choices:
- allow
- deny
description:
- UE registration query request/response (req 158, resp 159).
type: str
unknown_message:
choices:
- allow
- deny
description:
- Allow or Deny unknown messages.
type: str
unknown_message_white_list:
description:
- White list (to allow) of unknown messages.
elements: dict
suboptions:
id:
description:
- Message IDs. see <a href='#notes'>Notes</a>.
required: true
type: int
type: list
update_bearer:
choices:
- allow
- deny
description:
- Update bearer (req 97, resp 98).
type: str
update_pdn_connection_set:
choices:
- allow
- deny
description:
- Update PDN connection set (req 200, resp 201).
type: str
version_not_support:
choices:
- allow
- deny
description:
- Version not supported (3).
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str