fortios_firewall_gtp – Configure GTP in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and gtp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15
Tips
Using member operation to add an element to an existing object.
FortiOS Version Compatibility
Supported Version Ranges: v6.0.0 -> v7.0.8 , v7.2.0 -> v7.2.4 , v7.4.3 -> 7.4.3
Parameters
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_gtp - Configure GTP. type: dict more...
- addr_notify - overbilling notify address type: str more...
- apn - APN. type: list member_path: apn:id more...
- action - Action. type: str choices: allow, deny more...
- apnmember - APN member. type: list member_path: apn:id/apnmember:name more...
- name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true more...
- id - ID. see Notes. type: int required: true more...
- selection_mode - APN selection mode. type: list choices: ms, net, vrf more...
- apn_filter - apn filter type: str choices: enable, disable more...
- authorized_ggsns - Authorized GGSN/PGW group. Source firewall.address.name firewall.addrgrp.name. type: str more...
- authorized_ggsns6 - Authorized GGSN/PGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- authorized_sgsns - Authorized SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str more...
- authorized_sgsns6 - Authorized SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- comment - Comment. type: str more...
- context_id - Overbilling context. type: int more...
- control_plane_message_rate_limit - control plane message rate limit type: int more...
- default_apn_action - default apn action type: str choices: allow, deny more...
- default_imsi_action - default imsi action type: str choices: allow, deny more...
- default_ip_action - default action for encapsulated IP traffic type: str choices: allow, deny more...
- default_noip_action - default action for encapsulated non-IP traffic type: str choices: allow, deny more...
- default_policy_action - default advanced policy action type: str choices: allow, deny more...
- denied_log - log denied type: str choices: enable, disable more...
- echo_request_interval - echo request interval (in seconds) type: int more...
- extension_log - log in extension format type: str choices: enable, disable more...
- forwarded_log - log forwarded type: str choices: enable, disable more...
- global_tunnel_limit - Global tunnel limit. Source gtp.tunnel-limit.name. type: str more...
- gtp_in_gtp - gtp in gtp type: str choices: allow, deny more...
- gtpu_denied_log - Enable/disable logging of denied GTP-U packets. type: str choices: enable, disable more...
- gtpu_forwarded_log - Enable/disable logging of forwarded GTP-U packets. type: str choices: enable, disable more...
- gtpu_log_freq - Logging of frequency of GTP-U packets. type: int more...
- half_close_timeout - Half-close tunnel timeout (in seconds). type: int more...
- half_open_timeout - Half-open tunnel timeout (in seconds). type: int more...
- handover_group - Handover SGSN/SGW group. Source firewall.address.name firewall.addrgrp.name. type: str more...
- handover_group6 - Handover SGSN/SGW IPv6 group. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- ie_allow_list_v0v1 - IE allow list. Source gtp.ie-allow-list.name. type: str more...
- ie_allow_list_v2 - IE allow list. Source gtp.ie-allow-list.name. type: str more...
- ie_remove_policy - IE remove policy. type: list member_path: ie_remove_policy:id more...
- id - ID. see Notes. type: int required: true more...
- remove_ies - GTP IEs to be removed. type: list choices: apn-restriction, rat-type, rai, uli, imei more...
- sgsn_addr - SGSN address name. Source firewall.address.name firewall.addrgrp.name. type: str more...
- sgsn_addr6 - SGSN IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- ie_remover - IE removal policy. type: str choices: enable, disable more...
- ie_validation - IE validation. type: dict more...
- apn_restriction - Validate APN restriction. type: str choices: enable, disable more...
- charging_gateway_addr - Validate charging gateway address. type: str choices: enable, disable more...
- charging_ID - Validate charging ID. type: str choices: enable, disable more...
- end_user_addr - Validate end user address. type: str choices: enable, disable more...
- gsn_addr - Validate GSN address. type: str choices: enable, disable more...
- imei - Validate IMEI(SV). type: str choices: enable, disable more...
- imsi - Validate IMSI. type: str choices: enable, disable more...
- mm_context - Validate MM context. type: str choices: enable, disable more...
- ms_tzone - Validate MS time zone. type: str choices: enable, disable more...
- ms_validated - Validate MS validated. type: str choices: enable, disable more...
- msisdn - Validate MSISDN. type: str choices: enable, disable more...
- nsapi - Validate NSAPI. type: str choices: enable, disable more...
- pdp_context - Validate PDP context. type: str choices: enable, disable more...
- qos_profile - Validate Quality of Service(QoS) profile. type: str choices: enable, disable more...
- rai - Validate RAI. type: str choices: enable, disable more...
- rat_type - Validate RAT type. type: str choices: enable, disable more...
- reordering_required - Validate re-ordering required. type: str choices: enable, disable more...
- selection_mode - Validate selection mode. type: str choices: enable, disable more...
- uli - Validate user location information. type: str choices: enable, disable more...
- ie_white_list_v0v1 - IE white list. Source gtp.ie-white-list.name. type: str more...
- ie_white_list_v2 - IE white list. Source gtp.ie-white-list.name. type: str more...
- imsi - IMSI. type: list member_path: imsi:id more...
- action - Action. type: str choices: allow, deny more...
- apnmember - APN member. type: list member_path: imsi:id/apnmember:name more...
- name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true more...
- id - ID. see Notes. type: int required: true more...
- mcc_mnc - MCC MNC. type: str more...
- msisdn_prefix - MSISDN prefix. type: str more...
- selection_mode - APN selection mode. type: list choices: ms, net, vrf more...
- imsi_filter - imsi filter type: str choices: enable, disable more...
- interface_notify - overbilling interface Source system.interface.name. type: str more...
- invalid_reserved_field - Invalid reserved field in GTP header type: str choices: allow, deny more...
- invalid_sgsns_to_log - Invalid SGSN group to be logged Source firewall.address.name firewall.addrgrp.name. type: str more...
- invalid_sgsns6_to_log - Invalid SGSN IPv6 group to be logged. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- ip_filter - IP filter for encapsulted traffic type: str choices: enable, disable more...
- ip_policy - IP policy. type: list member_path: ip_policy:id more...
- action - Action. type: str choices: allow, deny more...
- dstaddr - Destination address name. Source firewall.address.name firewall.addrgrp.name. type: str more...
- dstaddr6 - Destination IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- id - ID. see Notes. type: int required: true more...
- srcaddr - Source address name. Source firewall.address.name firewall.addrgrp.name. type: str more...
- srcaddr6 - Source IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str more...
- log_freq - Logging of frequency of GTP-C packets. type: int more...
- log_gtpu_limit - the user data log limit (0-512 bytes) type: int more...
- log_imsi_prefix - IMSI prefix for selective logging. type: str more...
- log_msisdn_prefix - the msisdn prefix for selective logging type: str more...
- max_message_length - max message length type: int more...
- message_filter_v0v1 - Message filter. Source gtp.message-filter-v0v1.name. type: str more...
- message_filter_v2 - Message filter. Source gtp.message-filter-v2.name. type: str more...
- message_rate_limit - Message rate limiting. type: dict more...
- create_aa_pdp_request - Rate limit for create AA PDP context request (packets per second). type: int more...
- create_aa_pdp_response - Rate limit for create AA PDP context response (packets per second). type: int more...
- create_mbms_request - Rate limit for create MBMS context request (packets per second). type: int more...
- create_mbms_response - Rate limit for create MBMS context response (packets per second). type: int more...
- create_pdp_request - Rate limit for create PDP context request (packets per second). type: int more...
- create_pdp_response - Rate limit for create PDP context response (packets per second). type: int more...
- delete_aa_pdp_request - Rate limit for delete AA PDP context request (packets per second). type: int more...
- delete_aa_pdp_response - Rate limit for delete AA PDP context response (packets per second). type: int more...
- delete_mbms_request - Rate limit for delete MBMS context request (packets per second). type: int more...
- delete_mbms_response - Rate limit for delete MBMS context response (packets per second). type: int more...
- delete_pdp_request - Rate limit for delete PDP context request (packets per second). type: int more...
- delete_pdp_response - Rate limit for delete PDP context response (packets per second). type: int more...
- echo_reponse - Rate limit for echo response (packets per second). type: int more...
- echo_request - Rate limit for echo requests (packets per second). type: int more...
- error_indication - Rate limit for error indication (packets per second). type: int more...
- failure_report_request - Rate limit for failure report request (packets per second). type: int more...
- failure_report_response - Rate limit for failure report response (packets per second). type: int more...
- fwd_reloc_complete_ack - Rate limit for forward relocation complete acknowledge (packets per second). type: int more...
- fwd_relocation_complete - Rate limit for forward relocation complete (packets per second). type: int more...
- fwd_relocation_request - Rate limit for forward relocation request (packets per second). type: int more...
- fwd_relocation_response - Rate limit for forward relocation response (packets per second). type: int more...
- fwd_srns_context - Rate limit for forward SRNS context (packets per second). type: int more...
- fwd_srns_context_ack - Rate limit for forward SRNS context acknowledge (packets per second). type: int more...
- g_pdu - Rate limit for G-PDU (packets per second). type: int more...
- identification_request - Rate limit for identification request (packets per second). type: int more...
- identification_response - Rate limit for identification response (packets per second). type: int more...
- mbms_de_reg_request - Rate limit for MBMS de-registration request (packets per second). type: int more...
- mbms_de_reg_response - Rate limit for MBMS de-registration response (packets per second). type: int more...
- mbms_notify_rej_request - Rate limit for MBMS notification reject request (packets per second). type: int more...
- mbms_notify_rej_response - Rate limit for MBMS notification reject response (packets per second). type: int more...
- mbms_notify_request - Rate limit for MBMS notification request (packets per second). type: int more...
- mbms_notify_response - Rate limit for MBMS notification response (packets per second). type: int more...
- mbms_reg_request - Rate limit for MBMS registration request (packets per second). type: int more...
- mbms_reg_response - Rate limit for MBMS registration response (packets per second). type: int more...
- mbms_ses_start_request - Rate limit for MBMS session start request (packets per second). type: int more...
- mbms_ses_start_response - Rate limit for MBMS session start response (packets per second). type: int more...
- mbms_ses_stop_request - Rate limit for MBMS session stop request (packets per second). type: int more...
- mbms_ses_stop_response - Rate limit for MBMS session stop response (packets per second). type: int more...
- note_ms_request - Rate limit for note MS GPRS present request (packets per second). type: int more...
- note_ms_response - Rate limit for note MS GPRS present response (packets per second). type: int more...
- pdu_notify_rej_request - Rate limit for PDU notify reject request (packets per second). type: int more...
- pdu_notify_rej_response - Rate limit for PDU notify reject response (packets per second). type: int more...
- pdu_notify_request - Rate limit for PDU notify request (packets per second). type: int more...
- pdu_notify_response - Rate limit for PDU notify response (packets per second). type: int more...
- ran_info - Rate limit for RAN information relay (packets per second). type: int more...
- relocation_cancel_request - Rate limit for relocation cancel request (packets per second). type: int more...
- relocation_cancel_response - Rate limit for relocation cancel response (packets per second). type: int more...
- send_route_request - Rate limit for send routing information for GPRS request (packets per second). type: int more...
- send_route_response - Rate limit for send routing information for GPRS response (packets per second). type: int more...
- sgsn_context_ack - Rate limit for SGSN context acknowledgement (packets per second). type: int more...
- sgsn_context_request - Rate limit for SGSN context request (packets per second). type: int more...
- sgsn_context_response - Rate limit for SGSN context response (packets per second). type: int more...
- support_ext_hdr_notify - Rate limit for support extension headers notification (packets per second). type: int more...
- update_mbms_request - Rate limit for update MBMS context request (packets per second). type: int more...
- update_mbms_response - Rate limit for update MBMS context response (packets per second). type: int more...
- update_pdp_request - Rate limit for update PDP context request (packets per second). type: int more...
- update_pdp_response - Rate limit for update PDP context response (packets per second). type: int more...
- version_not_support - Rate limit for version not supported (packets per second). type: int more...
- message_rate_limit_v0 - Message rate limiting for GTP version 0. type: dict more...
- create_pdp_request - Rate limit (packets/s) for create PDP context request. type: int more...
- delete_pdp_request - Rate limit (packets/s) for delete PDP context request. type: int more...
- echo_request - Rate limit (packets/s) for echo request. type: int more...
- message_rate_limit_v1 - Message rate limiting for GTP version 1. type: dict more...
- create_pdp_request - Rate limit (packets/s) for create PDP context request. type: int more...
- delete_pdp_request - Rate limit (packets/s) for delete PDP context request. type: int more...
- echo_request - Rate limit (packets/s) for echo request. type: int more...
- message_rate_limit_v2 - Message rate limiting for GTP version 2. type: dict more...
- create_session_request - Rate limit (packets/s) for create session request. type: int more...
- delete_session_request - Rate limit (packets/s) for delete session request. type: int more...
- echo_request - Rate limit (packets/s) for echo request. type: int more...
- min_message_length - min message length type: int more...
- miss_must_ie - Missing mandatory information element type: str choices: allow, deny more...
- monitor_mode - GTP monitor mode. type: str choices: enable, disable, vdom more...
- name - Profile name. type: str required: true more...
- noip_filter - non-IP filter for encapsulted traffic type: str choices: enable, disable more...
- noip_policy - No IP policy. type: list member_path: noip_policy:id more...
- action - Action. type: str choices: allow, deny more...
- end - End of protocol range (0 - 255). type: int more...
- id - ID. see Notes. type: int required: true more...
- start - Start of protocol range (0 - 255). type: int more...
- type - Protocol field type. type: str choices: etsi, ietf more...
- out_of_state_ie - Out of state information element. type: str choices: allow, deny more...
- out_of_state_message - Out of state GTP message type: str choices: allow, deny more...
- per_apn_shaper - Per APN shaper. type: list member_path: per_apn_shaper:id more...
- apn - APN name. Source gtp.apn.name. type: str more...
- id - ID. see Notes. type: int required: true more...
- rate_limit - Rate limit (packets/s) for create PDP context request. type: int more...
- version - GTP version number: 0 or 1. type: int more...
- policy - Policy. type: list member_path: policy:id more...
- action - Action. type: str choices: allow, deny more...
- apn_sel_mode - APN selection mode. type: list choices: ms, net, vrf more...
- apnmember - APN member. type: list member_path: policy:id/apnmember:name more...
- name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true more...
- id - ID. see Notes. type: int required: true more...
- imei - IMEI pattern. type: str more...
- imsi - IMSI prefix. type: str more...
- imsi_prefix - IMSI prefix. type: str more...
- max_apn_restriction - Maximum APN restriction value. type: str choices: all, public-1, public-2, private-1, private-2 more...
- messages - GTP messages. type: list choices: create-req, create-res, update-req, update-res more...
- msisdn - MSISDN prefix. type: str more...
- msisdn_prefix - MSISDN prefix. type: str more...
- rai - RAI pattern. type: str more...
- rat_type - RAT Type. type: list choices: any, utran, geran, wlan, gan, hspa, eutran, virtual, nbiot more...
- uli - ULI pattern. type: str more...
- policy_filter - Advanced policy filter type: str choices: enable, disable more...
- policy_v2 - Apply allow or deny action to each GTPv2-c packet. type: list member_path: policy_v2:id more...
- action - Action. type: str choices: allow, deny more...
- apn_sel_mode - APN selection mode. type: list choices: ms, net, vrf more...
- apnmember - APN member. type: list member_path: policy_v2:id/apnmember:name more...
- name - APN name. Source gtp.apn.name gtp.apngrp.name. type: str required: true more...
- id - ID. see Notes. type: int required: true more...
- imsi_prefix - IMSI prefix. type: str more...
- max_apn_restriction - Maximum APN restriction value. type: str choices: all, public-1, public-2, private-1, private-2 more...
- mei - MEI pattern. type: str more...
- messages - GTP messages. type: list choices: create-ses-req, create-ses-res, modify-bearer-req, modify-bearer-res more...
- msisdn_prefix - MSISDN prefix. type: str more...
- rat_type - RAT Type. type: list choices: any, utran, geran, wlan, gan, hspa, eutran, virtual, nbiot, ltem, nr more...
- uli - GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI). type: list
- port_notify - overbilling notify port type: int more...
- rat_timeout_profile - RAT timeout profile. Source gtp.rat-timeout-profile.name. type: str more...
- rate_limit_mode - GTP rate limit mode. type: str choices: per-profile, per-stream, per-apn more...
- rate_limited_log - log rate limited type: str choices: enable, disable more...
- rate_sampling_interval - rate sampling interval (1-3600 seconds) type: int more...
- remove_if_echo_expires - remove if echo response expires type: str choices: enable, disable more...
- remove_if_recovery_differ - remove upon different Recovery IE type: str choices: enable, disable more...
- reserved_ie - reserved information element type: str choices: allow, deny more...
- send_delete_when_timeout - send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. type: str choices: enable, disable more...
- send_delete_when_timeout_v2 - send DELETE request to path endpoints when GTPv2 tunnel timeout. type: str choices: enable, disable more...
- spoof_src_addr - Spoofed source address for Mobile Station. type: str choices: allow, deny more...
- state_invalid_log - log state invalid type: str choices: enable, disable more...
- sub_second_interval - Sub-second interval (0.1, 0.25, or 0.5 sec). type: str choices: 0.5, 0.25, 0.1 more...
- sub_second_sampling - Enable/disable sub-second sampling. type: str choices: enable, disable more...
- traffic_count_log - log tunnel traffic counter type: str choices: enable, disable more...
- tunnel_limit - tunnel limit type: int more...
- tunnel_limit_log - tunnel limit type: str choices: enable, disable more...
- tunnel_timeout - Established tunnel timeout (in seconds). type: int more...
- unknown_version_action - action for unknown gtp version type: str choices: allow, deny more...
- user_plane_message_rate_limit - user plane message rate limit type: int more...
- warning_threshold - Warning threshold for rate limiting (0 - 99 percent). type: int more...
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- name: Configure GTP.
fortinet.fortios.fortios_firewall_gtp:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_gtp:
addr_notify: "<your_own_value>"
apn:
-
action: "allow"
apnmember:
-
name: "default_name_7 (source gtp.apn.name gtp.apngrp.name)"
id: "8"
selection_mode: "ms"
apn_filter: "enable"
authorized_ggsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
authorized_ggsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
authorized_sgsns: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
authorized_sgsns6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
comment: "Comment."
context_id: "696"
control_plane_message_rate_limit: "0"
default_apn_action: "allow"
default_imsi_action: "allow"
default_ip_action: "allow"
default_noip_action: "allow"
default_policy_action: "allow"
denied_log: "enable"
echo_request_interval: "0"
extension_log: "enable"
forwarded_log: "enable"
global_tunnel_limit: "<your_own_value> (source gtp.tunnel-limit.name)"
gtp_in_gtp: "allow"
gtpu_denied_log: "enable"
gtpu_forwarded_log: "enable"
gtpu_log_freq: "0"
half_close_timeout: "10"
half_open_timeout: "300"
handover_group: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
handover_group6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ie_allow_list_v0v1: "<your_own_value> (source gtp.ie-allow-list.name)"
ie_allow_list_v2: "<your_own_value> (source gtp.ie-allow-list.name)"
ie_remove_policy:
-
id: "39"
remove_ies: "apn-restriction"
sgsn_addr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
sgsn_addr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ie_remover: "enable"
ie_validation:
apn_restriction: "enable"
charging_gateway_addr: "enable"
charging_ID: "enable"
end_user_addr: "enable"
gsn_addr: "enable"
imei: "enable"
imsi: "enable"
mm_context: "enable"
ms_tzone: "enable"
ms_validated: "enable"
msisdn: "enable"
nsapi: "enable"
pdp_context: "enable"
qos_profile: "enable"
rai: "enable"
rat_type: "enable"
reordering_required: "enable"
selection_mode: "enable"
uli: "enable"
ie_white_list_v0v1: "<your_own_value> (source gtp.ie-white-list.name)"
ie_white_list_v2: "<your_own_value> (source gtp.ie-white-list.name)"
imsi:
-
action: "allow"
apnmember:
-
name: "default_name_69 (source gtp.apn.name gtp.apngrp.name)"
id: "70"
mcc_mnc: "<your_own_value>"
msisdn_prefix: "<your_own_value>"
selection_mode: "ms"
imsi_filter: "enable"
interface_notify: "<your_own_value> (source system.interface.name)"
invalid_reserved_field: "allow"
invalid_sgsns_to_log: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
invalid_sgsns6_to_log: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ip_filter: "enable"
ip_policy:
-
action: "allow"
dstaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
dstaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
id: "84"
srcaddr: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
srcaddr6: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
log_freq: "0"
log_gtpu_limit: "0"
log_imsi_prefix: "<your_own_value>"
log_msisdn_prefix: "<your_own_value>"
max_message_length: "1452"
message_filter_v0v1: "<your_own_value> (source gtp.message-filter-v0v1.name)"
message_filter_v2: "<your_own_value> (source gtp.message-filter-v2.name)"
message_rate_limit:
create_aa_pdp_request: "0"
create_aa_pdp_response: "0"
create_mbms_request: "0"
create_mbms_response: "0"
create_pdp_request: "0"
create_pdp_response: "0"
delete_aa_pdp_request: "0"
delete_aa_pdp_response: "0"
delete_mbms_request: "0"
delete_mbms_response: "0"
delete_pdp_request: "0"
delete_pdp_response: "0"
echo_reponse: "0"
echo_request: "0"
error_indication: "0"
failure_report_request: "0"
failure_report_response: "0"
fwd_reloc_complete_ack: "0"
fwd_relocation_complete: "0"
fwd_relocation_request: "0"
fwd_relocation_response: "0"
fwd_srns_context: "0"
fwd_srns_context_ack: "0"
g_pdu: "0"
identification_request: "0"
identification_response: "0"
mbms_de_reg_request: "0"
mbms_de_reg_response: "0"
mbms_notify_rej_request: "0"
mbms_notify_rej_response: "0"
mbms_notify_request: "0"
mbms_notify_response: "0"
mbms_reg_request: "0"
mbms_reg_response: "0"
mbms_ses_start_request: "0"
mbms_ses_start_response: "0"
mbms_ses_stop_request: "0"
mbms_ses_stop_response: "0"
note_ms_request: "0"
note_ms_response: "0"
pdu_notify_rej_request: "0"
pdu_notify_rej_response: "0"
pdu_notify_request: "0"
pdu_notify_response: "0"
ran_info: "0"
relocation_cancel_request: "0"
relocation_cancel_response: "0"
send_route_request: "0"
send_route_response: "0"
sgsn_context_ack: "0"
sgsn_context_request: "0"
sgsn_context_response: "0"
support_ext_hdr_notify: "0"
update_mbms_request: "0"
update_mbms_response: "0"
update_pdp_request: "0"
update_pdp_response: "0"
version_not_support: "0"
message_rate_limit_v0:
create_pdp_request: "0"
delete_pdp_request: "0"
echo_request: "0"
message_rate_limit_v1:
create_pdp_request: "0"
delete_pdp_request: "0"
echo_request: "0"
message_rate_limit_v2:
create_session_request: "0"
delete_session_request: "0"
echo_request: "0"
min_message_length: "0"
miss_must_ie: "allow"
monitor_mode: "enable"
name: "default_name_168"
noip_filter: "enable"
noip_policy:
-
action: "allow"
end: "0"
id: "173"
start: "0"
type: "etsi"
out_of_state_ie: "allow"
out_of_state_message: "allow"
per_apn_shaper:
-
apn: "<your_own_value> (source gtp.apn.name)"
id: "180"
rate_limit: "0"
version: "1"
policy:
-
action: "allow"
apn_sel_mode: "ms"
apnmember:
-
name: "default_name_187 (source gtp.apn.name gtp.apngrp.name)"
id: "188"
imei: "<your_own_value>"
imsi: "<your_own_value>"
imsi_prefix: "<your_own_value>"
max_apn_restriction: "all"
messages: "create-req"
msisdn: "<your_own_value>"
msisdn_prefix: "<your_own_value>"
rai: "<your_own_value>"
rat_type: "any"
uli: "<your_own_value>"
policy_filter: "enable"
policy_v2:
-
action: "allow"
apn_sel_mode: "ms"
apnmember:
-
name: "default_name_204 (source gtp.apn.name gtp.apngrp.name)"
id: "205"
imsi_prefix: "<your_own_value>"
max_apn_restriction: "all"
mei: "<your_own_value>"
messages: "create-ses-req"
msisdn_prefix: "<your_own_value>"
rat_type: "any"
uli: "<your_own_value>"
port_notify: "21123"
rat_timeout_profile: "<your_own_value> (source gtp.rat-timeout-profile.name)"
rate_limit_mode: "per-profile"
rate_limited_log: "enable"
rate_sampling_interval: "1"
remove_if_echo_expires: "enable"
remove_if_recovery_differ: "enable"
reserved_ie: "allow"
send_delete_when_timeout: "enable"
send_delete_when_timeout_v2: "enable"
spoof_src_addr: "allow"
state_invalid_log: "enable"
sub_second_interval: "0.5"
sub_second_sampling: "enable"
traffic_count_log: "enable"
tunnel_limit: "0"
tunnel_limit_log: "enable"
tunnel_timeout: "86400"
unknown_version_action: "allow"
user_plane_message_rate_limit: "0"
warning_threshold: "0"
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
Status
This module is not guaranteed to have a backwards compatible interface.