lix_fortinet.fortios.fortios_voip_profile (102.2.120) — module

Configure VoIP profiles in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120


Add to requirements.yml

  # Exact version pin: ansible-galaxy installs only this release of the collection.
  collections:
    - name: lix_fortinet.fortios
      version: "102.2.120"

Description

This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the voip feature and the profile category. The examples include all parameters, and their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
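---
# Example play: configure one VoIP profile on FortiGate through the HTTP API.
# The option values below appear to be generated placeholders (mostly the first
# listed choice of each option), not a recommended profile: most protections are
# set to "disable" and the rate limits to "0". Review every value before use.
# NOTE(review): this page documents lix_fortinet.fortios, while the play loads
# fortinet.fortios - confirm which collection is intended and installed.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: true
    # Verify the device certificate. Without validation, an on-path host that
    # presents any certificate can read the access token and the pushed config.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Configure VoIP profiles.
      fortios_voip_profile:
        vdom: "{{ vdom }}"
        state: "present"
        # API token is a credential: supply it from Ansible Vault or another
        # secret store instead of committing the literal value to a playbook.
        access_token: "<your_own_value>"
        voip_profile:
          comment: "Comment."
          feature_set: "flow"
          msrp:
            log_violations: "disable"
            max_msg_size: "0"
            max_msg_size_action: "pass"
            status: "disable"
          name: "default_name_10"
          sccp:
            block_mcast: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            max_calls: "0"
            status: "disable"
            verify_header: "disable"
          sip:
            ack_rate: "0"
            ack_rate_track: "none"
            block_ack: "disable"
            block_bye: "disable"
            block_cancel: "disable"
            block_geo_red_options: "disable"
            block_info: "disable"
            block_invite: "disable"
            block_long_lines: "disable"
            block_message: "disable"
            block_notify: "disable"
            block_options: "disable"
            block_prack: "disable"
            block_publish: "disable"
            block_refer: "disable"
            block_register: "disable"
            block_subscribe: "disable"
            block_unknown: "disable"
            block_update: "disable"
            bye_rate: "0"
            bye_rate_track: "none"
            call_keepalive: "0"
            cancel_rate: "0"
            cancel_rate_track: "none"
            contact_fixup: "disable"
            hnt_restrict_source_ip: "disable"
            hosted_nat_traversal: "disable"
            info_rate: "0"
            info_rate_track: "none"
            invite_rate: "0"
            invite_rate_track: "none"
            ips_rtp: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            malformed_header_allow: "discard"
            malformed_header_call_id: "discard"
            malformed_header_contact: "discard"
            malformed_header_content_length: "discard"
            malformed_header_content_type: "discard"
            malformed_header_cseq: "discard"
            malformed_header_expires: "discard"
            malformed_header_from: "discard"
            malformed_header_max_forwards: "discard"
            malformed_header_no_proxy_require: "discard"
            malformed_header_no_require: "discard"
            malformed_header_p_asserted_identity: "discard"
            malformed_header_rack: "discard"
            malformed_header_record_route: "discard"
            malformed_header_route: "discard"
            malformed_header_rseq: "discard"
            malformed_header_sdp_a: "discard"
            malformed_header_sdp_b: "discard"
            malformed_header_sdp_c: "discard"
            malformed_header_sdp_i: "discard"
            malformed_header_sdp_k: "discard"
            malformed_header_sdp_m: "discard"
            malformed_header_sdp_o: "discard"
            malformed_header_sdp_r: "discard"
            malformed_header_sdp_s: "discard"
            malformed_header_sdp_t: "discard"
            malformed_header_sdp_v: "discard"
            malformed_header_sdp_z: "discard"
            malformed_header_to: "discard"
            malformed_header_via: "discard"
            malformed_request_line: "discard"
            max_body_length: "0"
            max_dialogs: "0"
            max_idle_dialogs: "0"
            max_line_length: "998"
            message_rate: "0"
            message_rate_track: "none"
            nat_port_range: "<your_own_value>"
            nat_trace: "disable"
            no_sdp_fixup: "disable"
            notify_rate: "0"
            notify_rate_track: "none"
            open_contact_pinhole: "disable"
            open_record_route_pinhole: "disable"
            open_register_pinhole: "disable"
            open_via_pinhole: "disable"
            options_rate: "0"
            options_rate_track: "none"
            prack_rate: "0"
            prack_rate_track: "none"
            preserve_override: "disable"
            provisional_invite_expiry_time: "210"
            publish_rate: "0"
            publish_rate_track: "none"
            refer_rate: "0"
            refer_rate_track: "none"
            register_contact_trace: "disable"
            register_rate: "0"
            register_rate_track: "none"
            rfc2543_branch: "disable"
            rtp: "disable"
            ssl_algorithm: "high"
            ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            ssl_client_renegotiation: "allow"
            # SSL 3.0 is deprecated (RFC 7568); keep the negotiated range at
            # TLS 1.2 or later. "tls-1.3" is also a documented choice for the
            # maximum where the firmware accepts it.
            ssl_max_version: "tls-1.2"
            ssl_min_version: "tls-1.2"
            # NOTE(review): with ssl_mode "off" the other ssl_* values presumably
            # have no effect - confirm before relying on them.
            ssl_mode: "off"
            ssl_pfs: "require"
            ssl_send_empty_frags: "enable"
            ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            status: "disable"
            strict_register: "disable"
            subscribe_rate: "0"
            subscribe_rate_track: "none"
            unknown_header: "discard"
            update_rate: "0"
            update_rate_track: "none"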

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Indicates whether to create or remove the object.
    required: true
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - Only parameters marked with member_path support member operations.
    type: str

access_token:
    description:
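    - Token-based authentication. The token is generated from the FortiGate GUI.
    - The token is a credential; supply it from Ansible Vault or another secret store
      rather than hard-coding it in a playbook.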
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

voip_profile:
    default: null
    description:
    - Configure VoIP profiles.
    suboptions:
      comment:
        description:
        - Comment.
        type: str
      feature_set:
        choices:
        - flow
        - proxy
        description:
        - Flow or proxy inspection feature set.
        type: str
      msrp:
        description:
        - MSRP.
        suboptions:
          log_violations:
            choices:
            - disable
            - enable
            description:
            - Enable/disable logging of MSRP violations.
            type: str
          max_msg_size:
            description:
            - Maximum allowable MSRP message size (1-65535).
            type: int
          max_msg_size_action:
            choices:
            - pass
            - block
            - reset
            - monitor
            description:
            - Action for violation of max-msg-size.
            type: str
          status:
            choices:
            - disable
            - enable
            description:
            - Enable/disable MSRP.
            type: str
        type: dict
      name:
        description:
        - Profile name.
        required: true
        type: str
      sccp:
        description:
        - SCCP.
        suboptions:
          block_mcast:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block multicast RTP connections.
            type: str
          log_call_summary:
            choices:
            - disable
            - enable
            description:
            - Enable/disable log summary of SCCP calls.
            type: str
          log_violations:
            choices:
            - disable
            - enable
            description:
            - Enable/disable logging of SCCP violations.
            type: str
          max_calls:
            description:
            - Maximum calls per minute per SCCP client (max 65535).
            type: int
          status:
            choices:
            - disable
            - enable
            description:
            - Enable/disable SCCP.
            type: str
          verify_header:
            choices:
            - disable
            - enable
            description:
            - Enable/disable verify SCCP header content.
            type: str
        type: dict
      sip:
        description:
        - SIP.
        suboptions:
          ack_rate:
            description:
            - ACK request rate limit (per second, per policy).
            type: int
          ack_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          block_ack:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block ACK requests.
            type: str
          block_bye:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block BYE requests.
            type: str
          block_cancel:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block CANCEL requests.
            type: str
          block_geo_red_options:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block OPTIONS requests, but OPTIONS requests still notify
              for redundancy.
            type: str
          block_info:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block INFO requests.
            type: str
          block_invite:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block INVITE requests.
            type: str
          block_long_lines:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block requests with headers exceeding max-line-length.
            type: str
          block_message:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block MESSAGE requests.
            type: str
          block_notify:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block NOTIFY requests.
            type: str
          block_options:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block OPTIONS requests and no OPTIONS as notifying message
              for redundancy either.
            type: str
          block_prack:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block prack requests.
            type: str
          block_publish:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block PUBLISH requests.
            type: str
          block_refer:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block REFER requests.
            type: str
          block_register:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block REGISTER requests.
            type: str
          block_subscribe:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block SUBSCRIBE requests.
            type: str
          block_unknown:
            choices:
            - disable
            - enable
            description:
            - Block unrecognized SIP requests (enabled by default).
            type: str
          block_update:
            choices:
            - disable
            - enable
            description:
            - Enable/disable block UPDATE requests.
            type: str
          bye_rate:
            description:
            - BYE request rate limit (per second, per policy).
            type: int
          bye_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          call_keepalive:
            description:
            - Continue tracking calls with no RTP for this many minutes.
            type: int
          cancel_rate:
            description:
            - CANCEL request rate limit (per second, per policy).
            type: int
          cancel_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          contact_fixup:
            choices:
            - disable
            - enable
            description:
            - Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.
            type: str
          hnt_restrict_source_ip:
            choices:
            - disable
            - enable
            description:
            - Enable/disable restrict RTP source IP to be the same as SIP source IP when
              HNT is enabled.
            type: str
          hosted_nat_traversal:
            choices:
            - disable
            - enable
            description:
            - Hosted NAT Traversal (HNT).
            type: str
          info_rate:
            description:
            - INFO request rate limit (per second, per policy).
            type: int
          info_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          invite_rate:
            description:
            - INVITE request rate limit (per second, per policy).
            type: int
          invite_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          ips_rtp:
            choices:
            - disable
            - enable
            description:
            - Enable/disable allow IPS on RTP.
            type: str
          log_call_summary:
            choices:
            - disable
            - enable
            description:
            - Enable/disable logging of SIP call summary.
            type: str
          log_violations:
            choices:
            - disable
            - enable
            description:
            - Enable/disable logging of SIP violations.
            type: str
          malformed_header_allow:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Allow header.
            type: str
          malformed_header_call_id:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Call-ID header.
            type: str
          malformed_header_contact:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Contact header.
            type: str
          malformed_header_content_length:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Content-Length header.
            type: str
          malformed_header_content_type:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Content-Type header.
            type: str
          malformed_header_cseq:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed CSeq header.
            type: str
          malformed_header_expires:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Expires header.
            type: str
          malformed_header_from:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed From header.
            type: str
          malformed_header_max_forwards:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Max-Forwards header.
            type: str
          malformed_header_no_proxy_require:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SIP messages without Proxy-Require header.
            type: str
          malformed_header_no_require:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SIP messages without Require header.
            type: str
          malformed_header_p_asserted_identity:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed P-Asserted-Identity header.
            type: str
          malformed_header_rack:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed RAck header.
            type: str
          malformed_header_record_route:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Record-Route header.
            type: str
          malformed_header_route:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed Route header.
            type: str
          malformed_header_rseq:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed RSeq header.
            type: str
          malformed_header_sdp_a:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP a line.
            type: str
          malformed_header_sdp_b:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP b line.
            type: str
          malformed_header_sdp_c:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP c line.
            type: str
          malformed_header_sdp_i:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP i line.
            type: str
          malformed_header_sdp_k:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP k line.
            type: str
          malformed_header_sdp_m:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP m line.
            type: str
          malformed_header_sdp_o:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP o line.
            type: str
          malformed_header_sdp_r:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP r line.
            type: str
          malformed_header_sdp_s:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP s line.
            type: str
          malformed_header_sdp_t:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP t line.
            type: str
          malformed_header_sdp_v:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP v line.
            type: str
          malformed_header_sdp_z:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed SDP z line.
            type: str
          malformed_header_to:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed To header.
            type: str
          malformed_header_via:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed VIA header.
            type: str
          malformed_request_line:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for malformed request line.
            type: str
          max_body_length:
            description:
            - Maximum SIP message body length (0 meaning no limit).
            type: int
          max_dialogs:
            description:
            - Maximum number of concurrent calls/dialogs (per policy).
            type: int
          max_idle_dialogs:
            description:
            - Maximum number of established but idle dialogs to retain (per policy).
            type: int
          max_line_length:
            description:
            - Maximum SIP header line length (78-4096).
            type: int
          message_rate:
            description:
            - MESSAGE request rate limit (per second, per policy).
            type: int
          message_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          nat_port_range:
            description:
            - RTP NAT port range.
            type: str
          nat_trace:
            choices:
            - disable
            - enable
            description:
            - Enable/disable preservation of original IP in SDP i line.
            type: str
          no_sdp_fixup:
            choices:
            - disable
            - enable
            description:
            - Enable/disable no SDP fix-up.
            type: str
          notify_rate:
            description:
            - NOTIFY request rate limit (per second, per policy).
            type: int
          notify_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          open_contact_pinhole:
            choices:
            - disable
            - enable
            description:
            - Enable/disable open pinhole for non-REGISTER Contact port.
            type: str
          open_record_route_pinhole:
            choices:
            - disable
            - enable
            description:
            - Enable/disable open pinhole for Record-Route port.
            type: str
          open_register_pinhole:
            choices:
            - disable
            - enable
            description:
            - Enable/disable open pinhole for REGISTER Contact port.
            type: str
          open_via_pinhole:
            choices:
            - disable
            - enable
            description:
            - Enable/disable open pinhole for Via port.
            type: str
          options_rate:
            description:
            - OPTIONS request rate limit (per second, per policy).
            type: int
          options_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          prack_rate:
            description:
            - PRACK request rate limit (per second, per policy).
            type: int
          prack_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          preserve_override:
            choices:
            - disable
            - enable
            description:
            - Override i line to preserve original IPs.
            type: str
          provisional_invite_expiry_time:
            description:
            - Expiry time (10-3600, in seconds) for provisional INVITE.
            type: int
          publish_rate:
            description:
            - PUBLISH request rate limit (per second, per policy).
            type: int
          publish_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          refer_rate:
            description:
            - REFER request rate limit (per second, per policy).
            type: int
          refer_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          register_contact_trace:
            choices:
            - disable
            - enable
            description:
            - Enable/disable trace original IP/port within the contact header of REGISTER
              requests.
            type: str
          register_rate:
            description:
            - REGISTER request rate limit (per second, per policy).
            type: int
          register_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          rfc2543_branch:
            choices:
            - disable
            - enable
            description:
            - Enable/disable support via branch compliant with RFC 2543.
            type: str
          rtp:
            choices:
            - disable
            - enable
            description:
            - Enable/disable create pinholes for RTP traffic to traverse firewall.
            type: str
          ssl_algorithm:
            choices:
            - high
            - medium
            - low
            description:
            - Relative strength of encryption algorithms accepted in negotiation.
            type: str
          ssl_auth_client:
            description:
            - Require a client certificate and authenticate it with the peer/peergrp.
              Source user.peer.name user.peergrp.name.
            type: str
          ssl_auth_server:
            description:
            - Authenticate the server's certificate with the peer/peergrp. Source user.peer.name
              user.peergrp.name.
            type: str
          ssl_client_certificate:
            description:
            - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name.
            type: str
          ssl_client_renegotiation:
            choices:
            - allow
            - deny
            - secure
            description:
            - Allow/block client renegotiation by server.
            type: str
          ssl_max_version:
            choices:
            - ssl-3.0
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
            description:
            - Highest SSL/TLS version to negotiate.
            type: str
          ssl_min_version:
            choices:
            - ssl-3.0
            - tls-1.0
            - tls-1.1
            - tls-1.2
            - tls-1.3
            description:
            - Lowest SSL/TLS version to negotiate.
            type: str
          ssl_mode:
            choices:
            - 'off'
            - full
            description:
            - SSL/TLS mode for encryption & decryption of traffic.
            type: str
          ssl_pfs:
            choices:
            - require
            - deny
            - allow
            description:
            - SSL Perfect Forward Secrecy.
            type: str
          ssl_send_empty_frags:
            choices:
            - enable
            - disable
            description:
            - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
            type: str
          ssl_server_certificate:
            description:
            - Name of the certificate returned to the client in every SSL connection. Source
              vpn.certificate.local.name.
            type: str
          status:
            choices:
            - disable
            - enable
            description:
            - Enable/disable SIP.
            type: str
          strict_register:
            choices:
            - disable
            - enable
            description:
            - Enable/disable only allow the registrar to connect.
            type: str
          subscribe_rate:
            description:
            - SUBSCRIBE request rate limit (per second, per policy).
            type: int
          subscribe_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
          unknown_header:
            choices:
            - discard
            - pass
            - respond
            description:
            - Action for unknown SIP header.
            type: str
          update_rate:
            description:
            - UPDATE request rate limit (per second, per policy).
            type: int
          update_rate_track:
            choices:
            - none
            - src-ip
            - dest-ip
            description:
            - Track the packet protocol field.
            type: str
        type: dict
    type: dict

Outputs

build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str