fortinet / fortinet.fortios / 2.3.6 / module / fortios_voip_profile Configure VoIP profiles in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_voip_profile (2.3.6) — module
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections: - name: fortinet.fortios version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- name: Configure VoIP profiles. fortinet.fortios.fortios_voip_profile: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" voip_profile: comment: "Comment." feature_set: "ips" msrp: log_violations: "disable" max_msg_size: "0" max_msg_size_action: "pass" status: "disable" name: "default_name_10" sccp: block_mcast: "disable" log_call_summary: "disable" log_violations: "disable" max_calls: "0" status: "disable" verify_header: "disable" sip: ack_rate: "0" ack_rate_track: "none" block_ack: "disable" block_bye: "disable" block_cancel: "disable" block_geo_red_options: "disable" block_info: "disable" block_invite: "disable" block_long_lines: "disable" block_message: "disable" block_notify: "disable" block_options: "disable" block_prack: "disable" block_publish: "disable" block_refer: "disable" block_register: "disable" block_subscribe: "disable" block_unknown: "disable" block_update: "disable" bye_rate: "0" bye_rate_track: "none" call_id_regex: "<your_own_value>" call_keepalive: "0" cancel_rate: "0" cancel_rate_track: "none" contact_fixup: "disable" content_type_regex: "<your_own_value>" hnt_restrict_source_ip: "disable" hosted_nat_traversal: "disable" info_rate: "0" info_rate_track: "none" invite_rate: "0" invite_rate_track: "none" ips_rtp: "disable" log_call_summary: "disable" log_violations: "disable" malformed_header_allow: "discard" malformed_header_call_id: "discard" malformed_header_contact: "discard" malformed_header_content_length: "discard" malformed_header_content_type: "discard" malformed_header_cseq: "discard" malformed_header_expires: "discard" malformed_header_from: "discard" malformed_header_max_forwards: "discard" malformed_header_no_proxy_require: "discard" malformed_header_no_require: "discard" malformed_header_p_asserted_identity: "discard" malformed_header_rack: "discard" malformed_header_record_route: "discard" malformed_header_route: "discard" malformed_header_rseq: "discard" malformed_header_sdp_a: "discard" malformed_header_sdp_b: "discard" malformed_header_sdp_c: "discard" malformed_header_sdp_i: "discard" malformed_header_sdp_k: "discard" malformed_header_sdp_m: "discard" malformed_header_sdp_o: "discard" malformed_header_sdp_r: "discard" malformed_header_sdp_s: "discard" malformed_header_sdp_t: "discard" malformed_header_sdp_v: "discard" malformed_header_sdp_z: "discard" malformed_header_to: "discard" malformed_header_via: "discard" malformed_request_line: "discard" max_body_length: "0" max_dialogs: "0" max_idle_dialogs: "0" max_line_length: "998" message_rate: "0" message_rate_track: "none" nat_port_range: "<your_own_value>" nat_trace: "disable" no_sdp_fixup: "disable" notify_rate: "0" notify_rate_track: "none" open_contact_pinhole: "disable" open_record_route_pinhole: "disable" open_register_pinhole: "disable" open_via_pinhole: "disable" options_rate: "0" options_rate_track: "none" prack_rate: "0" prack_rate_track: "none" preserve_override: "disable" provisional_invite_expiry_time: "210" publish_rate: "0" publish_rate_track: "none" refer_rate: "0" refer_rate_track: "none" register_contact_trace: "disable" register_rate: "0" register_rate_track: "none" rfc2543_branch: "disable" rtp: "disable" ssl_algorithm: "high" ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)" ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)" ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)" ssl_client_renegotiation: "allow" ssl_max_version: "ssl-3.0" ssl_min_version: "ssl-3.0" ssl_mode: "off" ssl_pfs: "require" ssl_send_empty_frags: "enable" ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)" status: "disable" strict_register: "disable" subscribe_rate: "0" subscribe_rate_track: "none" unknown_header: "discard" update_rate: "0" update_rate_track: "none"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str voip_profile: default: null description: - Configure VoIP profiles. suboptions: comment: description: - Comment. type: str feature_set: choices: - ips - voipd - flow - proxy description: - IPS or voipd (SIP-ALG) inspection feature set. type: str msrp: description: - MSRP. suboptions: log_violations: choices: - disable - enable description: - Enable/disable logging of MSRP violations. type: str max_msg_size: description: - Maximum allowable MSRP message size (1-65535). type: int max_msg_size_action: choices: - pass - block - reset - monitor description: - Action for violation of max-msg-size. type: str status: choices: - disable - enable description: - Enable/disable MSRP. type: str type: dict name: description: - Profile name. required: true type: str sccp: description: - SCCP. suboptions: block_mcast: choices: - disable - enable description: - Enable/disable block multicast RTP connections. type: str log_call_summary: choices: - disable - enable description: - Enable/disable log summary of SCCP calls. type: str log_violations: choices: - disable - enable description: - Enable/disable logging of SCCP violations. type: str max_calls: description: - Maximum calls per minute per SCCP client (max 65535). type: int status: choices: - disable - enable description: - Enable/disable SCCP. type: str verify_header: choices: - disable - enable description: - Enable/disable verify SCCP header content. type: str type: dict sip: description: - SIP. suboptions: ack_rate: description: - ACK request rate limit (per second, per policy). type: int ack_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str block_ack: choices: - disable - enable description: - Enable/disable block ACK requests. type: str block_bye: choices: - disable - enable description: - Enable/disable block BYE requests. type: str block_cancel: choices: - disable - enable description: - Enable/disable block CANCEL requests. type: str block_geo_red_options: choices: - disable - enable description: - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. type: str block_info: choices: - disable - enable description: - Enable/disable block INFO requests. type: str block_invite: choices: - disable - enable description: - Enable/disable block INVITE requests. type: str block_long_lines: choices: - disable - enable description: - Enable/disable block requests with headers exceeding max-line-length. type: str block_message: choices: - disable - enable description: - Enable/disable block MESSAGE requests. type: str block_notify: choices: - disable - enable description: - Enable/disable block NOTIFY requests. type: str block_options: choices: - disable - enable description: - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. type: str block_prack: choices: - disable - enable description: - Enable/disable block prack requests. type: str block_publish: choices: - disable - enable description: - Enable/disable block PUBLISH requests. type: str block_refer: choices: - disable - enable description: - Enable/disable block REFER requests. type: str block_register: choices: - disable - enable description: - Enable/disable block REGISTER requests. type: str block_subscribe: choices: - disable - enable description: - Enable/disable block SUBSCRIBE requests. type: str block_unknown: choices: - disable - enable description: - Block unrecognized SIP requests (enabled by default). type: str block_update: choices: - disable - enable description: - Enable/disable block UPDATE requests. type: str bye_rate: description: - BYE request rate limit (per second, per policy). type: int bye_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str call_id_regex: description: - Validate PCRE regular expression for Call-Id header value. type: str call_keepalive: description: - Continue tracking calls with no RTP for this many minutes. type: int cancel_rate: description: - CANCEL request rate limit (per second, per policy). type: int cancel_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str contact_fixup: choices: - disable - enable description: - Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port. type: str content_type_regex: description: - Validate PCRE regular expression for Content-Type header value. type: str hnt_restrict_source_ip: choices: - disable - enable description: - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. type: str hosted_nat_traversal: choices: - disable - enable description: - Hosted NAT Traversal (HNT). type: str info_rate: description: - INFO request rate limit (per second, per policy). type: int info_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str invite_rate: description: - INVITE request rate limit (per second, per policy). type: int invite_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str ips_rtp: choices: - disable - enable description: - Enable/disable allow IPS on RTP. type: str log_call_summary: choices: - disable - enable description: - Enable/disable logging of SIP call summary. type: str log_violations: choices: - disable - enable description: - Enable/disable logging of SIP violations. type: str malformed_header_allow: choices: - discard - pass - respond description: - Action for malformed Allow header. type: str malformed_header_call_id: choices: - discard - pass - respond description: - Action for malformed Call-ID header. type: str malformed_header_contact: choices: - discard - pass - respond description: - Action for malformed Contact header. type: str malformed_header_content_length: choices: - discard - pass - respond description: - Action for malformed Content-Length header. type: str malformed_header_content_type: choices: - discard - pass - respond description: - Action for malformed Content-Type header. type: str malformed_header_cseq: choices: - discard - pass - respond description: - Action for malformed CSeq header. type: str malformed_header_expires: choices: - discard - pass - respond description: - Action for malformed Expires header. type: str malformed_header_from: choices: - discard - pass - respond description: - Action for malformed From header. type: str malformed_header_max_forwards: choices: - discard - pass - respond description: - Action for malformed Max-Forwards header. type: str malformed_header_no_proxy_require: choices: - discard - pass - respond description: - Action for malformed SIP messages without Proxy-Require header. type: str malformed_header_no_require: choices: - discard - pass - respond description: - Action for malformed SIP messages without Require header. type: str malformed_header_p_asserted_identity: choices: - discard - pass - respond description: - Action for malformed P-Asserted-Identity header. type: str malformed_header_rack: choices: - discard - pass - respond description: - Action for malformed RAck header. type: str malformed_header_record_route: choices: - discard - pass - respond description: - Action for malformed Record-Route header. type: str malformed_header_route: choices: - discard - pass - respond description: - Action for malformed Route header. type: str malformed_header_rseq: choices: - discard - pass - respond description: - Action for malformed RSeq header. type: str malformed_header_sdp_a: choices: - discard - pass - respond description: - Action for malformed SDP a line. type: str malformed_header_sdp_b: choices: - discard - pass - respond description: - Action for malformed SDP b line. type: str malformed_header_sdp_c: choices: - discard - pass - respond description: - Action for malformed SDP c line. type: str malformed_header_sdp_i: choices: - discard - pass - respond description: - Action for malformed SDP i line. type: str malformed_header_sdp_k: choices: - discard - pass - respond description: - Action for malformed SDP k line. type: str malformed_header_sdp_m: choices: - discard - pass - respond description: - Action for malformed SDP m line. type: str malformed_header_sdp_o: choices: - discard - pass - respond description: - Action for malformed SDP o line. type: str malformed_header_sdp_r: choices: - discard - pass - respond description: - Action for malformed SDP r line. type: str malformed_header_sdp_s: choices: - discard - pass - respond description: - Action for malformed SDP s line. type: str malformed_header_sdp_t: choices: - discard - pass - respond description: - Action for malformed SDP t line. type: str malformed_header_sdp_v: choices: - discard - pass - respond description: - Action for malformed SDP v line. type: str malformed_header_sdp_z: choices: - discard - pass - respond description: - Action for malformed SDP z line. type: str malformed_header_to: choices: - discard - pass - respond description: - Action for malformed To header. type: str malformed_header_via: choices: - discard - pass - respond description: - Action for malformed VIA header. type: str malformed_request_line: choices: - discard - pass - respond description: - Action for malformed request line. type: str max_body_length: description: - Maximum SIP message body length (0 meaning no limit). type: int max_dialogs: description: - Maximum number of concurrent calls/dialogs (per policy). type: int max_idle_dialogs: description: - Maximum number established but idle dialogs to retain (per policy). type: int max_line_length: description: - Maximum SIP header line length (78-4096). type: int message_rate: description: - MESSAGE request rate limit (per second, per policy). type: int message_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str nat_port_range: description: - RTP NAT port range. type: str nat_trace: choices: - disable - enable description: - Enable/disable preservation of original IP in SDP i line. type: str no_sdp_fixup: choices: - disable - enable description: - Enable/disable no SDP fix-up. type: str notify_rate: description: - NOTIFY request rate limit (per second, per policy). type: int notify_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str open_contact_pinhole: choices: - disable - enable description: - Enable/disable open pinhole for non-REGISTER Contact port. type: str open_record_route_pinhole: choices: - disable - enable description: - Enable/disable open pinhole for Record-Route port. type: str open_register_pinhole: choices: - disable - enable description: - Enable/disable open pinhole for REGISTER Contact port. type: str open_via_pinhole: choices: - disable - enable description: - Enable/disable open pinhole for Via port. type: str options_rate: description: - OPTIONS request rate limit (per second, per policy). type: int options_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str prack_rate: description: - PRACK request rate limit (per second, per policy). type: int prack_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str preserve_override: choices: - disable - enable description: - Override i line to preserve original IPs . type: str provisional_invite_expiry_time: description: - Expiry time (10-3600, in seconds) for provisional INVITE. type: int publish_rate: description: - PUBLISH request rate limit (per second, per policy). type: int publish_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str refer_rate: description: - REFER request rate limit (per second, per policy). type: int refer_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str register_contact_trace: choices: - disable - enable description: - Enable/disable trace original IP/port within the contact header of REGISTER requests. type: str register_rate: description: - REGISTER request rate limit (per second, per policy). type: int register_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str rfc2543_branch: choices: - disable - enable description: - Enable/disable support via branch compliant with RFC 2543. type: str rtp: choices: - disable - enable description: - Enable/disable create pinholes for RTP traffic to traverse firewall. type: str ssl_algorithm: choices: - high - medium - low description: - Relative strength of encryption algorithms accepted in negotiation. type: str ssl_auth_client: description: - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str ssl_auth_server: description: - Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str ssl_client_certificate: description: - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. type: str ssl_client_renegotiation: choices: - allow - deny - secure description: - Allow/block client renegotiation by server. type: str ssl_max_version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Highest SSL/TLS version to negotiate. type: str ssl_min_version: choices: - ssl-3.0 - tls-1.0 - tls-1.1 - tls-1.2 - tls-1.3 description: - Lowest SSL/TLS version to negotiate. type: str ssl_mode: choices: - 'off' - full description: - SSL/TLS mode for encryption & decryption of traffic. type: str ssl_pfs: choices: - require - deny - allow description: - SSL Perfect Forward Secrecy. type: str ssl_send_empty_frags: choices: - enable - disable description: - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). type: str ssl_server_certificate: description: - Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. type: str status: choices: - disable - enable description: - Enable/disable SIP. type: str strict_register: choices: - disable - enable description: - Enable/disable only allow the registrar to connect. type: str subscribe_rate: description: - SUBSCRIBE request rate limit (per second, per policy). type: int subscribe_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str unknown_header: choices: - discard - pass - respond description: - Action for unknown SIP header. type: str update_rate: description: - UPDATE request rate limit (per second, per policy). type: int update_rate_track: choices: - none - src-ip - dest-ip description: - Track the packet protocol field. type: str type: dict type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str