Try SpotterMessage filter for GTPv2 messages in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of lix_fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
- name: lix_fortinet.fortios
version: 102.2.120This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify gtp feature and message_filter_v2 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Message filter for GTPv2 messages.
fortios_gtp_message_filter_v2:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
gtp_message_filter_v2:
bearer_resource_cmd_fail: "allow"
change_notification: "allow"
context_req_res_ack: "allow"
create_bearer: "allow"
create_session: "allow"
delete_bearer_cmd_fail: "allow"
delete_bearer_req_resp: "allow"
delete_pdn_connection_set: "allow"
delete_session: "allow"
echo: "allow"
forward_relocation_cmp_notif_ack: "allow"
forward_relocation_req_res: "allow"
modify_bearer_cmd_fail: "allow"
modify_bearer_req_resp: "allow"
name: "default_name_17"
resume: "allow"
suspend: "allow"
trace_session: "allow"
unknown_message: "allow"
unknown_message_white_list:
-
id: "23"
update_bearer: "allow"
update_pdn_connection_set: "allow"
version_not_support: "allow"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
gtp_message_filter_v2:
default: null
description:
- Message filter for GTPv2 messages.
suboptions:
bearer_resource_cmd_fail:
choices:
- allow
- deny
description:
- Bearer resource (command 68, failure indication 69).
type: str
change_notification:
choices:
- allow
- deny
description:
- Change notification (req 38, resp 39).
type: str
context_req_res_ack:
choices:
- allow
- deny
description:
- Context request/response/acknowledge (req 130, resp 131, ack 132).
type: str
create_bearer:
choices:
- allow
- deny
description:
- Create bearer (req 95, resp 96).
type: str
create_session:
choices:
- allow
- deny
description:
- Create session (req 32, resp 33).
type: str
delete_bearer_cmd_fail:
choices:
- allow
- deny
description:
- Delete bearer (command 66, failure indication 67).
type: str
delete_bearer_req_resp:
choices:
- allow
- deny
description:
- Delete bearer (req 99, resp 100).
type: str
delete_pdn_connection_set:
choices:
- allow
- deny
description:
- Delete PDN connection set (req 101, resp 102).
type: str
delete_session:
choices:
- allow
- deny
description:
- Delete session (req 36, resp 37).
type: str
echo:
choices:
- allow
- deny
description:
- Echo (req 1, resp 2).
type: str
forward_relocation_cmp_notif_ack:
choices:
- allow
- deny
description:
- Forward relocation complete notification/acknowledge (notif 135, ack 136).
type: str
forward_relocation_req_res:
choices:
- allow
- deny
description:
- Forward relocation request/response (req 133, resp 134).
type: str
modify_bearer_cmd_fail:
choices:
- allow
- deny
description:
- Modify bearer (command 64 , failure indication 65).
type: str
modify_bearer_req_resp:
choices:
- allow
- deny
description:
- Modify bearer (req 34, resp 35).
type: str
name:
description:
- Message filter name.
required: true
type: str
resume:
choices:
- allow
- deny
description:
- Resume (notify 164 , ack 165).
type: str
suspend:
choices:
- allow
- deny
description:
- Suspend (notify 162, ack 163).
type: str
trace_session:
choices:
- allow
- deny
description:
- Trace session (activation 71, deactivation 72).
type: str
unknown_message:
choices:
- allow
- deny
description:
- Allow or Deny unknown messages.
type: str
unknown_message_white_list:
description:
- White list (to allow) of unknown messages.
elements: dict
suboptions:
id:
description:
- Message IDs.
type: int
type: list
update_bearer:
choices:
- allow
- deny
description:
- Update bearer (req 97, resp 98).
type: str
update_pdn_connection_set:
choices:
- allow
- deny
description:
- Update PDN connection set (req 200, resp 201).
type: str
version_not_support:
choices:
- allow
- deny
description:
- Version not supported (3).
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str