fortios_voip_profile – Configure VoIP profiles in Fortinet’s FortiOS and FortiGate.

New in version 2.8.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the voip feature and profile category. The examples include all parameters; their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

  • access_token - Token-based authentication. Generated from the GUI of the FortiGate. type: str required: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • state - Indicates whether to create or remove the object. This attribute was already present in the previous version at a deeper level; it has been moved out to this outer level. type: str required: False choices: present, absent
  • voip_profile - Configure VoIP profiles. type: dict
    • state - Deprecated. type: str required: False choices: present, absent
    • comment - Comment. type: str
    • name - Profile name. type: str required: True
    • sccp - SCCP. type: dict
      • block_mcast - Enable/disable block multicast RTP connections. type: str choices: disable, enable
      • log_call_summary - Enable/disable log summary of SCCP calls. type: str choices: disable, enable
      • log_violations - Enable/disable logging of SCCP violations. type: str choices: disable, enable
      • max_calls - Maximum calls per minute per SCCP client (max 65535). type: int
      • status - Enable/disable SCCP. type: str choices: disable, enable
      • verify_header - Enable/disable verify SCCP header content. type: str choices: disable, enable
    • sip - SIP. type: dict
      • ack_rate - ACK request rate limit (per second, per policy). type: int
      • block_ack - Enable/disable block ACK requests. type: str choices: disable, enable
      • block_bye - Enable/disable block BYE requests. type: str choices: disable, enable
      • block_cancel - Enable/disable block CANCEL requests. type: str choices: disable, enable
      • block_geo_red_options - Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. type: str choices: disable, enable
      • block_info - Enable/disable block INFO requests. type: str choices: disable, enable
      • block_invite - Enable/disable block INVITE requests. type: str choices: disable, enable
      • block_long_lines - Enable/disable block requests with headers exceeding max-line-length. type: str choices: disable, enable
      • block_message - Enable/disable block MESSAGE requests. type: str choices: disable, enable
      • block_notify - Enable/disable block NOTIFY requests. type: str choices: disable, enable
      • block_options - Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. type: str choices: disable, enable
      • block_prack - Enable/disable block PRACK requests. type: str choices: disable, enable
      • block_publish - Enable/disable block PUBLISH requests. type: str choices: disable, enable
      • block_refer - Enable/disable block REFER requests. type: str choices: disable, enable
      • block_register - Enable/disable block REGISTER requests. type: str choices: disable, enable
      • block_subscribe - Enable/disable block SUBSCRIBE requests. type: str choices: disable, enable
      • block_unknown - Block unrecognized SIP requests (enabled by default). type: str choices: disable, enable
      • block_update - Enable/disable block UPDATE requests. type: str choices: disable, enable
      • bye_rate - BYE request rate limit (per second, per policy). type: int
      • call_keepalive - Continue tracking calls with no RTP for this many minutes. type: int
      • cancel_rate - CANCEL request rate limit (per second, per policy). type: int
      • contact_fixup - Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. type: str choices: disable, enable
      • hnt_restrict_source_ip - Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. type: str choices: disable, enable
      • hosted_nat_traversal - Hosted NAT Traversal (HNT). type: str choices: disable, enable
      • info_rate - INFO request rate limit (per second, per policy). type: int
      • invite_rate - INVITE request rate limit (per second, per policy). type: int
      • ips_rtp - Enable/disable allow IPS on RTP. type: str choices: disable, enable
      • log_call_summary - Enable/disable logging of SIP call summary. type: str choices: disable, enable
      • log_violations - Enable/disable logging of SIP violations. type: str choices: disable, enable
      • malformed_header_allow - Action for malformed Allow header. type: str choices: discard, pass, respond
      • malformed_header_call_id - Action for malformed Call-ID header. type: str choices: discard, pass, respond
      • malformed_header_contact - Action for malformed Contact header. type: str choices: discard, pass, respond
      • malformed_header_content_length - Action for malformed Content-Length header. type: str choices: discard, pass, respond
      • malformed_header_content_type - Action for malformed Content-Type header. type: str choices: discard, pass, respond
      • malformed_header_cseq - Action for malformed CSeq header. type: str choices: discard, pass, respond
      • malformed_header_expires - Action for malformed Expires header. type: str choices: discard, pass, respond
      • malformed_header_from - Action for malformed From header. type: str choices: discard, pass, respond
      • malformed_header_max_forwards - Action for malformed Max-Forwards header. type: str choices: discard, pass, respond
      • malformed_header_p_asserted_identity - Action for malformed P-Asserted-Identity header. type: str choices: discard, pass, respond
      • malformed_header_rack - Action for malformed RAck header. type: str choices: discard, pass, respond
      • malformed_header_record_route - Action for malformed Record-Route header. type: str choices: discard, pass, respond
      • malformed_header_route - Action for malformed Route header. type: str choices: discard, pass, respond
      • malformed_header_rseq - Action for malformed RSeq header. type: str choices: discard, pass, respond
      • malformed_header_sdp_a - Action for malformed SDP a line. type: str choices: discard, pass, respond
      • malformed_header_sdp_b - Action for malformed SDP b line. type: str choices: discard, pass, respond
      • malformed_header_sdp_c - Action for malformed SDP c line. type: str choices: discard, pass, respond
      • malformed_header_sdp_i - Action for malformed SDP i line. type: str choices: discard, pass, respond
      • malformed_header_sdp_k - Action for malformed SDP k line. type: str choices: discard, pass, respond
      • malformed_header_sdp_m - Action for malformed SDP m line. type: str choices: discard, pass, respond
      • malformed_header_sdp_o - Action for malformed SDP o line. type: str choices: discard, pass, respond
      • malformed_header_sdp_r - Action for malformed SDP r line. type: str choices: discard, pass, respond
      • malformed_header_sdp_s - Action for malformed SDP s line. type: str choices: discard, pass, respond
      • malformed_header_sdp_t - Action for malformed SDP t line. type: str choices: discard, pass, respond
      • malformed_header_sdp_v - Action for malformed SDP v line. type: str choices: discard, pass, respond
      • malformed_header_sdp_z - Action for malformed SDP z line. type: str choices: discard, pass, respond
      • malformed_header_to - Action for malformed To header. type: str choices: discard, pass, respond
      • malformed_header_via - Action for malformed VIA header. type: str choices: discard, pass, respond
      • malformed_request_line - Action for malformed request line. type: str choices: discard, pass, respond
      • max_body_length - Maximum SIP message body length (0 meaning no limit). type: int
      • max_dialogs - Maximum number of concurrent calls/dialogs (per policy). type: int
      • max_idle_dialogs - Maximum number of established but idle dialogs to retain (per policy). type: int
      • max_line_length - Maximum SIP header line length (78-4096). type: int
      • message_rate - MESSAGE request rate limit (per second, per policy). type: int
      • nat_trace - Enable/disable preservation of original IP in SDP i line. type: str choices: disable, enable
      • no_sdp_fixup - Enable/disable no SDP fix-up. type: str choices: disable, enable
      • notify_rate - NOTIFY request rate limit (per second, per policy). type: int
      • open_contact_pinhole - Enable/disable open pinhole for non-REGISTER Contact port. type: str choices: disable, enable
      • open_record_route_pinhole - Enable/disable open pinhole for Record-Route port. type: str choices: disable, enable
      • open_register_pinhole - Enable/disable open pinhole for REGISTER Contact port. type: str choices: disable, enable
      • open_via_pinhole - Enable/disable open pinhole for Via port. type: str choices: disable, enable
      • options_rate - OPTIONS request rate limit (per second, per policy). type: int
      • prack_rate - PRACK request rate limit (per second, per policy). type: int
      • preserve_override - Override i line to preserve original IPS. type: str choices: disable, enable
      • provisional_invite_expiry_time - Expiry time for provisional INVITE (10 - 3600 sec). type: int
      • publish_rate - PUBLISH request rate limit (per second, per policy). type: int
      • refer_rate - REFER request rate limit (per second, per policy). type: int
      • register_contact_trace - Enable/disable trace original IP/port within the contact header of REGISTER requests. type: str choices: disable, enable
      • register_rate - REGISTER request rate limit (per second, per policy). type: int
      • rfc2543_branch - Enable/disable support via branch compliant with RFC 2543. type: str choices: disable, enable
      • rtp - Enable/disable create pinholes for RTP traffic to traverse firewall. type: str choices: disable, enable
      • ssl_algorithm - Relative strength of encryption algorithms accepted in negotiation. type: str choices: high, medium, low
      • ssl_auth_client - Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str
      • ssl_auth_server - Authenticate the server's certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. type: str
      • ssl_client_certificate - Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. type: str
      • ssl_client_renegotiation - Allow/block client renegotiation by server. type: str choices: allow, deny, secure
      • ssl_max_version - Highest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
      • ssl_min_version - Lowest SSL/TLS version to negotiate. type: str choices: ssl-3.0, tls-1.0, tls-1.1, tls-1.2
      • ssl_mode - SSL/TLS mode for encryption & decryption of traffic. type: str choices: off, full
      • ssl_pfs - SSL Perfect Forward Secrecy. type: str choices: require, deny, allow
      • ssl_send_empty_frags - Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). type: str choices: enable, disable
      • ssl_server_certificate - Name of the certificate to return to the client in every SSL connection. Source vpn.certificate.local.name. type: str
      • status - Enable/disable SIP. type: str choices: disable, enable
      • strict_register - Enable/disable only allow the registrar to connect. type: str choices: disable, enable
      • subscribe_rate - SUBSCRIBE request rate limit (per second, per policy). type: int
      • unknown_header - Action for unknown SIP header. type: str choices: discard, pass, respond
      • update_rate - UPDATE request rate limit (per second, per policy). type: int

Notes

  • Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # "no" turns off TLS certificate verification for the connection to the FortiGate
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
  - name: Configure VoIP profiles.
    fortios_voip_profile:
      vdom: "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      voip_profile:
        comment: "Comment."
        name: "default_name_4"
        sccp:
            block_mcast: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            max_calls: "9"
            status: "disable"
            verify_header: "disable"
        sip:
            ack_rate: "13"
            block_ack: "disable"
            block_bye: "disable"
            block_cancel: "disable"
            block_geo_red_options: "disable"
            block_info: "disable"
            block_invite: "disable"
            block_long_lines: "disable"
            block_message: "disable"
            block_notify: "disable"
            block_options: "disable"
            block_prack: "disable"
            block_publish: "disable"
            block_refer: "disable"
            block_register: "disable"
            block_subscribe: "disable"
            block_unknown: "disable"
            block_update: "disable"
            bye_rate: "31"
            call_keepalive: "32"
            cancel_rate: "33"
            contact_fixup: "disable"
            hnt_restrict_source_ip: "disable"
            hosted_nat_traversal: "disable"
            info_rate: "37"
            invite_rate: "38"
            ips_rtp: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            malformed_header_allow: "discard"
            malformed_header_call_id: "discard"
            malformed_header_contact: "discard"
            malformed_header_content_length: "discard"
            malformed_header_content_type: "discard"
            malformed_header_cseq: "discard"
            malformed_header_expires: "discard"
            malformed_header_from: "discard"
            malformed_header_max_forwards: "discard"
            malformed_header_p_asserted_identity: "discard"
            malformed_header_rack: "discard"
            malformed_header_record_route: "discard"
            malformed_header_route: "discard"
            malformed_header_rseq: "discard"
            malformed_header_sdp_a: "discard"
            malformed_header_sdp_b: "discard"
            malformed_header_sdp_c: "discard"
            malformed_header_sdp_i: "discard"
            malformed_header_sdp_k: "discard"
            malformed_header_sdp_m: "discard"
            malformed_header_sdp_o: "discard"
            malformed_header_sdp_r: "discard"
            malformed_header_sdp_s: "discard"
            malformed_header_sdp_t: "discard"
            malformed_header_sdp_v: "discard"
            malformed_header_sdp_z: "discard"
            malformed_header_to: "discard"
            malformed_header_via: "discard"
            malformed_request_line: "discard"
            max_body_length: "71"
            max_dialogs: "72"
            max_idle_dialogs: "73"
            max_line_length: "74"
            message_rate: "75"
            nat_trace: "disable"
            no_sdp_fixup: "disable"
            notify_rate: "78"
            open_contact_pinhole: "disable"
            open_record_route_pinhole: "disable"
            open_register_pinhole: "disable"
            open_via_pinhole: "disable"
            options_rate: "83"
            prack_rate: "84"
            preserve_override: "disable"
            provisional_invite_expiry_time: "86"
            publish_rate: "87"
            refer_rate: "88"
            register_contact_trace: "disable"
            register_rate: "90"
            rfc2543_branch: "disable"
            rtp: "disable"
            ssl_algorithm: "high"
            ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            ssl_client_renegotiation: "allow"
            ssl_max_version: "ssl-3.0"
            ssl_min_version: "ssl-3.0"
            ssl_mode: "off"
            ssl_pfs: "require"
            ssl_send_empty_frags: "enable"
            ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            status: "disable"
            strict_register: "disable"
            subscribe_rate: "106"
            unknown_header: "discard"
            update_rate: "108"
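
The generated example above sets every parameter to a placeholder value, including ssl-3.0 and disabled logging. The following playbook is an added example, not part of the module's own documentation, showing a restrictive SIP profile built only from the parameters and choices listed on this page. It assumes SIP is carried over TLS and SCCP is unused; the profile name, the fortios_access_token variable and the numeric limits are constructed for illustration.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes  # verify the FortiGate management certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure a restrictive SIP profile (added example)
      fortios_voip_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ fortios_access_token }}"  # assumed variable, kept in Ansible Vault
        voip_profile:
          name: "voip-restrictive"  # constructed profile name
          comment: "Restrictive SIP profile"
          sccp:
            status: "disable"  # assumes SCCP is not used on this policy
          sip:
            status: "enable"
            # Record violations and call summaries for detection and forensics.
            log_violations: "enable"
            log_call_summary: "enable"
            # Drop requests the SIP parser cannot account for.
            block_unknown: "enable"
            block_long_lines: "enable"
            max_line_length: 998  # constructed value inside the documented 78-4096 range
            malformed_request_line: "discard"
            malformed_header_via: "discard"
            malformed_header_from: "discard"
            malformed_header_to: "discard"
            malformed_header_call_id: "discard"
            malformed_header_cseq: "discard"
            malformed_header_contact: "discard"
            malformed_header_content_length: "discard"
            # Per-policy request rate limits, per second (constructed; size to your call volume).
            register_rate: 20
            invite_rate: 50
            options_rate: 10
            # Only allow the registrar to connect.
            strict_register: "enable"
            # SIP over TLS: full mode, legacy protocol versions refused.
            ssl_mode: "full"
            ssl_algorithm: "high"
            ssl_min_version: "tls-1.2"
            ssl_max_version: "tls-1.2"
            ssl_pfs: "require"
            ssl_client_renegotiation: "deny"
            ssl_server_certificate: "<your_own_value>"  # source vpn.certificate.local.name
```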

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following are the fields unique to this module:

  • build - Build number of the FortiGate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Hongbin Lu (@fgtdev-hblu)
  • Frank Shen (@frankshen01)
  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)
