lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_firewall_gtp Configure GTP in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_firewall_gtp (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure GTP. fortios_firewall_gtp: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" firewall_gtp: addr_notify: "<your_own_value>" apn: - action: "allow" apnmember: - name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)" id: "8" selection_mode: "ms" apn_filter: "enable" authorized_ggsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" authorized_ggsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" authorized_sgsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" authorized_sgsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" comment: "Comment." context_id: "696" control_plane_message_rate_limit: "0" default_apn_action: "allow" default_imsi_action: "allow" default_ip_action: "allow" default_noip_action: "allow" default_policy_action: "allow" denied_log: "enable" echo_request_interval: "0" extension_log: "enable" forwarded_log: "enable" global_tunnel_limit: "<your_own_value> (source gtp.tunnel-limit.name)" gtp_in_gtp: "allow" gtpu_denied_log: "enable" gtpu_forwarded_log: "enable" gtpu_log_freq: "0" half_close_timeout: "10" half_open_timeout: "300" handover_group: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" handover_group6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" ie_allow_list_v0v1: "<your_own_value> (source gtp.ie-allow-list.name)" ie_allow_list_v2: "<your_own_value> (source gtp.ie-allow-list.name)" ie_remove_policy: - id: "39" remove_ies: "apn-restriction" sgsn_addr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" sgsn_addr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" ie_remover: "enable" ie_validation: apn_restriction: "enable" charging_gateway_addr: "enable" charging_ID: "enable" end_user_addr: "enable" gsn_addr: "enable" imei: "enable" imsi: "enable" mm_context: "enable" ms_tzone: "enable" ms_validated: "enable" msisdn: "enable" nsapi: "enable" pdp_context: "enable" qos_profile: "enable" rai: "enable" rat_type: "enable" reordering_required: "enable" selection_mode: "enable" uli: "enable" ie_white_list_v0v1: "<your_own_value> (source gtp.ie-white-list.name)" ie_white_list_v2: "<your_own_value> (source gtp.ie-white-list.name)" imsi: - action: "allow" apnmember: - name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)" id: "70" mcc_mnc: "<your_own_value>" msisdn_prefix: "<your_own_value>" selection_mode: "ms" imsi_filter: "enable" interface_notify: "<your_own_value> (source system.interface.name)" invalid_reserved_field: "allow" invalid_sgsns_to_log: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" invalid_sgsns6_to_log: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" ip_filter: "enable" ip_policy: - action: "allow" dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" dstaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" id: "84" srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)" srcaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)" log_freq: "0" log_gtpu_limit: "0" log_imsi_prefix: "<your_own_value>" log_msisdn_prefix: "<your_own_value>" max_message_length: "1452" message_filter_v0v1: "<your_own_value> (source gtp.message-filter-v0v1.name)" message_filter_v2: "<your_own_value> (source gtp.message-filter-v2.name)" message_rate_limit: create_aa_pdp_request: "0" create_aa_pdp_response: "0" create_mbms_request: "0" create_mbms_response: "0" create_pdp_request: "0" create_pdp_response: "0" delete_aa_pdp_request: "0" delete_aa_pdp_response: "0" delete_mbms_request: "0" delete_mbms_response: "0" delete_pdp_request: "0" delete_pdp_response: "0" echo_reponse: "0" echo_request: "0" error_indication: "0" failure_report_request: "0" failure_report_response: "0" fwd_reloc_complete_ack: "0" fwd_relocation_complete: "0" fwd_relocation_request: "0" fwd_relocation_response: "0" fwd_srns_context: "0" fwd_srns_context_ack: "0" g_pdu: "0" identification_request: "0" identification_response: "0" mbms_de_reg_request: "0" mbms_de_reg_response: "0" mbms_notify_rej_request: "0" mbms_notify_rej_response: "0" mbms_notify_request: "0" mbms_notify_response: "0" mbms_reg_request: "0" mbms_reg_response: "0" mbms_ses_start_request: "0" mbms_ses_start_response: "0" mbms_ses_stop_request: "0" mbms_ses_stop_response: "0" note_ms_request: "0" note_ms_response: "0" pdu_notify_rej_request: "0" pdu_notify_rej_response: "0" pdu_notify_request: "0" pdu_notify_response: "0" ran_info: "0" relocation_cancel_request: "0" relocation_cancel_response: "0" send_route_request: "0" send_route_response: "0" sgsn_context_ack: "0" sgsn_context_request: "0" sgsn_context_response: "0" support_ext_hdr_notify: "0" update_mbms_request: "0" update_mbms_response: "0" update_pdp_request: "0" update_pdp_response: "0" version_not_support: "0" message_rate_limit_v0: create_pdp_request: "0" delete_pdp_request: "0" echo_request: "0" message_rate_limit_v1: create_pdp_request: "0" delete_pdp_request: "0" echo_request: "0" message_rate_limit_v2: create_session_request: "0" delete_session_request: "0" echo_request: "0" min_message_length: "0" miss_must_ie: "allow" monitor_mode: "enable" name: "default_name_168" noip_filter: "enable" noip_policy: - action: "allow" end: "0" id: "173" start: "0" type: "etsi" out_of_state_ie: "allow" out_of_state_message: "allow" per_apn_shaper: - apn: "<your_own_value> (source gtp.apn.name)" id: "180" rate_limit: "0" version: "1" policy: - action: "allow" apn_sel_mode: "ms" apnmember: - name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)" id: "188" imei: "<your_own_value>" imsi: "<your_own_value>" imsi_prefix: "<your_own_value>" max_apn_restriction: "all" messages: "create-req" msisdn: "<your_own_value>" msisdn_prefix: "<your_own_value>" rai: "<your_own_value>" rat_type: "any" uli: "<your_own_value>" policy_filter: "enable" policy_v2: - action: "allow" apn_sel_mode: "ms" apnmember: - name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)" id: "205" imsi_prefix: "<your_own_value>" max_apn_restriction: "all" mei: "<your_own_value>" messages: "create-ses-req" msisdn_prefix: "<your_own_value>" rat_type: "any" uli: "<your_own_value>" port_notify: "21123" rat_timeout_profile: "<your_own_value> (source gtp.rat-timeout-profile.name)" rate_limit_mode: "per-profile" rate_limited_log: "enable" rate_sampling_interval: "1" remove_if_echo_expires: "enable" remove_if_recovery_differ: "enable" reserved_ie: "allow" send_delete_when_timeout: "enable" send_delete_when_timeout_v2: "enable" spoof_src_addr: "allow" state_invalid_log: "enable" sub_second_interval: "0.5" sub_second_sampling: "enable" traffic_count_log: "enable" tunnel_limit: "0" tunnel_limit_log: "enable" tunnel_timeout: "86400" unknown_version_action: "allow" user_plane_message_rate_limit: "0" warning_threshold: "0"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str firewall_gtp: default: null description: - Configure GTP. suboptions: addr_notify: description: - overbilling notify address type: str apn: description: - APN. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str apnmember: description: - APN member. elements: dict suboptions: name: description: - APN name. Source gtp.apn.name gtp.apngrp.name. type: str type: list id: description: - ID. type: int selection_mode: choices: - ms - net - vrf description: - APN selection mode. elements: str type: list type: list apn_filter: choices: - enable - disable description: - apn filter type: str authorized_ggsns: description: - Authorized GGSN/PGW group. Source firewall.address.name firewall.addrgrp.name. type: str authorized_ggsns6: description: - Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str authorized_sgsns: description: - Authorized SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str authorized_sgsns6: description: - Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str comment: description: - Comment. type: str context_id: description: - Overbilling context. type: int control_plane_message_rate_limit: description: - control plane message rate limit type: int default_apn_action: choices: - allow - deny description: - default apn action type: str default_imsi_action: choices: - allow - deny description: - default imsi action type: str default_ip_action: choices: - allow - deny description: - default action for encapsulated IP traffic type: str default_noip_action: choices: - allow - deny description: - default action for encapsulated non-IP traffic type: str default_policy_action: choices: - allow - deny description: - default advanced policy action type: str denied_log: choices: - enable - disable description: - log denied type: str echo_request_interval: description: - echo request interval (in seconds) type: int extension_log: choices: - enable - disable description: - log in extension format type: str forwarded_log: choices: - enable - disable description: - log forwarded type: str global_tunnel_limit: description: - Global tunnel limit. Source gtp.tunnel-limit.name. type: str gtp_in_gtp: choices: - allow - deny description: - gtp in gtp type: str gtpu_denied_log: choices: - enable - disable description: - Enable/disable logging of denied GTP-U packets. type: str gtpu_forwarded_log: choices: - enable - disable description: - Enable/disable logging of forwarded GTP-U packets. type: str gtpu_log_freq: description: - Logging of frequency of GTP-U packets. type: int half_close_timeout: description: - Half-close tunnel timeout (in seconds). type: int half_open_timeout: description: - Half-open tunnel timeout (in seconds). type: int handover_group: description: - Handover SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str handover_group6: description: - Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str ie_allow_list_v0v1: description: - IE allow list. Source gtp.ie-allow-list.name. type: str ie_allow_list_v2: description: - IE allow list. Source gtp.ie-allow-list.name. type: str ie_remove_policy: description: - IE remove policy. elements: dict suboptions: id: description: - ID. type: int remove_ies: choices: - apn-restriction - rat-type - rai - uli - imei description: - GTP IEs to be removed. elements: str type: list sgsn_addr: description: - SGSN address name. Source firewall.address.name firewall.addrgrp.name. type: str sgsn_addr6: description: - SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str type: list ie_remover: choices: - enable - disable description: - IE removal policy. type: str ie_validation: description: - IE validation. suboptions: apn_restriction: choices: - enable - disable description: - Validate APN restriction. type: str charging_ID: choices: - enable - disable description: - Validate charging ID. type: str charging_gateway_addr: choices: - enable - disable description: - Validate charging gateway address. type: str end_user_addr: choices: - enable - disable description: - Validate end user address. type: str gsn_addr: choices: - enable - disable description: - Validate GSN address. type: str imei: choices: - enable - disable description: - Validate IMEI(SV). type: str imsi: choices: - enable - disable description: - Validate IMSI. type: str mm_context: choices: - enable - disable description: - Validate MM context. type: str ms_tzone: choices: - enable - disable description: - Validate MS time zone. type: str ms_validated: choices: - enable - disable description: - Validate MS validated. type: str msisdn: choices: - enable - disable description: - Validate MSISDN. type: str nsapi: choices: - enable - disable description: - Validate NSAPI. type: str pdp_context: choices: - enable - disable description: - Validate PDP context. type: str qos_profile: choices: - enable - disable description: - Validate Quality of Service(QoS) profile. type: str rai: choices: - enable - disable description: - Validate RAI. type: str rat_type: choices: - enable - disable description: - Validate RAT type. type: str reordering_required: choices: - enable - disable description: - Validate re-ordering required. type: str selection_mode: choices: - enable - disable description: - Validate selection mode. type: str uli: choices: - enable - disable description: - Validate user location information. type: str type: dict ie_white_list_v0v1: description: - IE white list. Source gtp.ie-white-list.name. type: str ie_white_list_v2: description: - IE white list. Source gtp.ie-white-list.name. type: str imsi: description: - IMSI. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str apnmember: description: - APN member. elements: dict suboptions: name: description: - APN name. Source gtp.apn.name gtp.apngrp.name. type: str type: list id: description: - ID. type: int mcc_mnc: description: - MCC MNC. type: str msisdn_prefix: description: - MSISDN prefix. type: str selection_mode: choices: - ms - net - vrf description: - APN selection mode. elements: str type: list type: list imsi_filter: choices: - enable - disable description: - imsi filter type: str interface_notify: description: - overbilling interface Source system.interface.name. type: str invalid_reserved_field: choices: - allow - deny description: - Invalid reserved field in GTP header type: str invalid_sgsns6_to_log: description: - Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name. type: str invalid_sgsns_to_log: description: - Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name. type: str ip_filter: choices: - enable - disable description: - IP filter for encapsulted traffic type: str ip_policy: description: - IP policy. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str dstaddr: description: - Destination address name. Source firewall.address.name firewall.addrgrp.name. type: str dstaddr6: description: - Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str id: description: - ID. type: int srcaddr: description: - Source address name. Source firewall.address.name firewall.addrgrp.name. type: str srcaddr6: description: - Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str type: list log_freq: description: - Logging of frequency of GTP-C packets. type: int log_gtpu_limit: description: - the user data log limit (0-512 bytes) type: int log_imsi_prefix: description: - IMSI prefix for selective logging. type: str log_msisdn_prefix: description: - the msisdn prefix for selective logging type: str max_message_length: description: - max message length type: int message_filter_v0v1: description: - Message filter. Source gtp.message-filter-v0v1.name. type: str message_filter_v2: description: - Message filter. Source gtp.message-filter-v2.name. type: str message_rate_limit: description: - Message rate limiting. suboptions: create_aa_pdp_request: description: - Rate limit for create AA PDP context request (packets per second). type: int create_aa_pdp_response: description: - Rate limit for create AA PDP context response (packets per second). type: int create_mbms_request: description: - Rate limit for create MBMS context request (packets per second). type: int create_mbms_response: description: - Rate limit for create MBMS context response (packets per second). type: int create_pdp_request: description: - Rate limit for create PDP context request (packets per second). type: int create_pdp_response: description: - Rate limit for create PDP context response (packets per second). type: int delete_aa_pdp_request: description: - Rate limit for delete AA PDP context request (packets per second). type: int delete_aa_pdp_response: description: - Rate limit for delete AA PDP context response (packets per second). type: int delete_mbms_request: description: - Rate limit for delete MBMS context request (packets per second). type: int delete_mbms_response: description: - Rate limit for delete MBMS context response (packets per second). type: int delete_pdp_request: description: - Rate limit for delete PDP context request (packets per second). type: int delete_pdp_response: description: - Rate limit for delete PDP context response (packets per second). type: int echo_reponse: description: - Rate limit for echo response (packets per second). type: int echo_request: description: - Rate limit for echo requests (packets per second). type: int error_indication: description: - Rate limit for error indication (packets per second). type: int failure_report_request: description: - Rate limit for failure report request (packets per second). type: int failure_report_response: description: - Rate limit for failure report response (packets per second). type: int fwd_reloc_complete_ack: description: - Rate limit for forward relocation complete acknowledge (packets per second). type: int fwd_relocation_complete: description: - Rate limit for forward relocation complete (packets per second). type: int fwd_relocation_request: description: - Rate limit for forward relocation request (packets per second). type: int fwd_relocation_response: description: - Rate limit for forward relocation response (packets per second). type: int fwd_srns_context: description: - Rate limit for forward SRNS context (packets per second). type: int fwd_srns_context_ack: description: - Rate limit for forward SRNS context acknowledge (packets per second). type: int g_pdu: description: - Rate limit for G-PDU (packets per second). type: int identification_request: description: - Rate limit for identification request (packets per second). type: int identification_response: description: - Rate limit for identification response (packets per second). type: int mbms_de_reg_request: description: - Rate limit for MBMS de-registration request (packets per second). type: int mbms_de_reg_response: description: - Rate limit for MBMS de-registration response (packets per second). type: int mbms_notify_rej_request: description: - Rate limit for MBMS notification reject request (packets per second). type: int mbms_notify_rej_response: description: - Rate limit for MBMS notification reject response (packets per second). type: int mbms_notify_request: description: - Rate limit for MBMS notification request (packets per second). type: int mbms_notify_response: description: - Rate limit for MBMS notification response (packets per second). type: int mbms_reg_request: description: - Rate limit for MBMS registration request (packets per second). type: int mbms_reg_response: description: - Rate limit for MBMS registration response (packets per second). type: int mbms_ses_start_request: description: - Rate limit for MBMS session start request (packets per second). type: int mbms_ses_start_response: description: - Rate limit for MBMS session start response (packets per second). type: int mbms_ses_stop_request: description: - Rate limit for MBMS session stop request (packets per second). type: int mbms_ses_stop_response: description: - Rate limit for MBMS session stop response (packets per second). type: int note_ms_request: description: - Rate limit for note MS GPRS present request (packets per second). type: int note_ms_response: description: - Rate limit for note MS GPRS present response (packets per second). type: int pdu_notify_rej_request: description: - Rate limit for PDU notify reject request (packets per second). type: int pdu_notify_rej_response: description: - Rate limit for PDU notify reject response (packets per second). type: int pdu_notify_request: description: - Rate limit for PDU notify request (packets per second). type: int pdu_notify_response: description: - Rate limit for PDU notify response (packets per second). type: int ran_info: description: - Rate limit for RAN information relay (packets per second). type: int relocation_cancel_request: description: - Rate limit for relocation cancel request (packets per second). type: int relocation_cancel_response: description: - Rate limit for relocation cancel response (packets per second). type: int send_route_request: description: - Rate limit for send routing information for GPRS request (packets per second). type: int send_route_response: description: - Rate limit for send routing information for GPRS response (packets per second). type: int sgsn_context_ack: description: - Rate limit for SGSN context acknowledgement (packets per second). type: int sgsn_context_request: description: - Rate limit for SGSN context request (packets per second). type: int sgsn_context_response: description: - Rate limit for SGSN context response (packets per second). type: int support_ext_hdr_notify: description: - Rate limit for support extension headers notification (packets per second). type: int update_mbms_request: description: - Rate limit for update MBMS context request (packets per second). type: int update_mbms_response: description: - Rate limit for update MBMS context response (packets per second). type: int update_pdp_request: description: - Rate limit for update PDP context request (packets per second). type: int update_pdp_response: description: - Rate limit for update PDP context response (packets per second). type: int version_not_support: description: - Rate limit for version not supported (packets per second). type: int type: dict message_rate_limit_v0: description: - Message rate limiting for GTP version 0. suboptions: create_pdp_request: description: - Rate limit (packets/s) for create PDP context request. type: int delete_pdp_request: description: - Rate limit (packets/s) for delete PDP context request. type: int echo_request: description: - Rate limit (packets/s) for echo request. type: int type: dict message_rate_limit_v1: description: - Message rate limiting for GTP version 1. suboptions: create_pdp_request: description: - Rate limit (packets/s) for create PDP context request. type: int delete_pdp_request: description: - Rate limit (packets/s) for delete PDP context request. type: int echo_request: description: - Rate limit (packets/s) for echo request. type: int type: dict message_rate_limit_v2: description: - Message rate limiting for GTP version 2. suboptions: create_session_request: description: - Rate limit (packets/s) for create session request. type: int delete_session_request: description: - Rate limit (packets/s) for delete session request. type: int echo_request: description: - Rate limit (packets/s) for echo request. type: int type: dict min_message_length: description: - min message length type: int miss_must_ie: choices: - allow - deny description: - Missing mandatory information element type: str monitor_mode: choices: - enable - disable - vdom description: - GTP monitor mode. type: str name: description: - Profile name. required: true type: str noip_filter: choices: - enable - disable description: - non-IP filter for encapsulted traffic type: str noip_policy: description: - No IP policy. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str end: description: - End of protocol range (0 - 255). type: int id: description: - ID. type: int start: description: - Start of protocol range (0 - 255). type: int type: choices: - etsi - ietf description: - Protocol field type. type: str type: list out_of_state_ie: choices: - allow - deny description: - Out of state information element. type: str out_of_state_message: choices: - allow - deny description: - Out of state GTP message type: str per_apn_shaper: description: - Per APN shaper. elements: dict suboptions: apn: description: - APN name. Source gtp.apn.name. type: str id: description: - ID. type: int rate_limit: description: - Rate limit (packets/s) for create PDP context request. type: int version: description: - 'GTP version number: 0 or 1.' type: int type: list policy: description: - Policy. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str apn_sel_mode: choices: - ms - net - vrf description: - APN selection mode. elements: str type: list apnmember: description: - APN member. elements: dict suboptions: name: description: - APN name. Source gtp.apn.name gtp.apngrp.name. type: str type: list id: description: - ID. type: int imei: description: - IMEI pattern. type: str imsi: description: - IMSI prefix. type: str imsi_prefix: description: - IMSI prefix. type: str max_apn_restriction: choices: - all - public-1 - public-2 - private-1 - private-2 description: - Maximum APN restriction value. type: str messages: choices: - create-req - create-res - update-req - update-res description: - GTP messages. elements: str type: list msisdn: description: - MSISDN prefix. type: str msisdn_prefix: description: - MSISDN prefix. type: str rai: description: - RAI pattern. type: str rat_type: choices: - any - utran - geran - wlan - gan - hspa - eutran - virtual - nbiot description: - RAT Type. elements: str type: list uli: description: - ULI pattern. type: str type: list policy_filter: choices: - enable - disable description: - Advanced policy filter type: str policy_v2: description: - Apply allow or deny action to each GTPv2-c packet. elements: dict suboptions: action: choices: - allow - deny description: - Action. type: str apn_sel_mode: choices: - ms - net - vrf description: - APN selection mode. elements: str type: list apnmember: description: - APN member. elements: dict suboptions: name: description: - APN name. Source gtp.apn.name gtp.apngrp.name. type: str type: list id: description: - ID. type: int imsi_prefix: description: - IMSI prefix. type: str max_apn_restriction: choices: - all - public-1 - public-2 - private-1 - private-2 description: - Maximum APN restriction value. type: str mei: description: - MEI pattern. type: str messages: choices: - create-ses-req - create-ses-res - modify-bearer-req - modify-bearer-res description: - GTP messages. elements: str type: list msisdn_prefix: description: - MSISDN prefix. type: str rat_type: choices: - any - utran - geran - wlan - gan - hspa - eutran - virtual - nbiot - ltem - nr description: - RAT Type. elements: str type: list uli: description: - GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI). elements: str type: list type: list port_notify: description: - overbilling notify port type: int rat_timeout_profile: description: - RAT timeout profile. Source gtp.rat-timeout-profile.name. type: str rate_limit_mode: choices: - per-profile - per-stream - per-apn description: - GTP rate limit mode. type: str rate_limited_log: choices: - enable - disable description: - log rate limited type: str rate_sampling_interval: description: - rate sampling interval (1-3600 seconds) type: int remove_if_echo_expires: choices: - enable - disable description: - remove if echo response expires type: str remove_if_recovery_differ: choices: - enable - disable description: - remove upon different Recovery IE type: str reserved_ie: choices: - allow - deny description: - reserved information element type: str send_delete_when_timeout: choices: - enable - disable description: - send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. type: str send_delete_when_timeout_v2: choices: - enable - disable description: - send DELETE request to path endpoints when GTPv2 tunnel timeout. type: str spoof_src_addr: choices: - allow - deny description: - Spoofed source address for Mobile Station. type: str state_invalid_log: choices: - enable - disable description: - log state invalid type: str sub_second_interval: choices: - '0.5' - '0.25' - '0.1' description: - Sub-second interval (0.1, 0.25, or 0.5 sec). type: str sub_second_sampling: choices: - enable - disable description: - Enable/disable sub-second sampling. type: str traffic_count_log: choices: - enable - disable description: - log tunnel traffic counter type: str tunnel_limit: description: - tunnel limit type: int tunnel_limit_log: choices: - enable - disable description: - tunnel limit type: str tunnel_timeout: description: - Established tunnel timeout (in seconds). type: int unknown_version_action: choices: - allow - deny description: - action for unknown gtp version type: str user_plane_message_rate_limit: description: - user plane message rate limit type: int warning_threshold: description: - Warning threshold for rate limiting (0 - 99 percent). type: int type: dict member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str