Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the `ansible` package. It is not included in `ansible-core`. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install fortinet.fortimanager`.
To use it in a playbook, specify: `fortinet.fortimanager.fmgr_firewall_gtp`.
New in version 2.10 of fortinet.fortimanager
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
adom string / required | the parameter (adom) in requested url | |||
bypass_validation boolean |
| Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters | ||
enable_log boolean |
| Enable/Disable logging for task | ||
firewall_gtp dictionary | the top level parameters set | |||
addr-notify string | overbilling notify address | |||
apn list / elements=string | no description | |||
action string |
| Action. | ||
apnmember string | APN member. | |||
id integer | ID. | |||
selection-mode list / elements=string |
| no description | ||
apn-filter string |
| apn filter | ||
authorized-ggsns string | Authorized GGSN group | |||
authorized-ggsns6 string | Authorized GGSN/PGW IPv6 group. | |||
authorized-sgsns string | Authorized SGSN group | |||
authorized-sgsns6 string | Authorized SGSN/SGW IPv6 group. | |||
comment string | Comment. | |||
context-id integer | Overbilling context. | |||
control-plane-message-rate-limit integer | control plane message rate limit | |||
default-apn-action string |
| default apn action | ||
default-imsi-action string |
| default imsi action | ||
default-ip-action string |
| default action for encapsulated IP traffic | ||
default-noip-action string |
| default action for encapsulated non-IP traffic | ||
default-policy-action string |
| default advanced policy action | ||
denied-log string |
| log denied | ||
echo-request-interval integer | echo request interval (in seconds) | |||
extension-log string |
| log in extension format | ||
forwarded-log string |
| log forwarded | ||
global-tunnel-limit string | Global tunnel limit. | |||
gtp-in-gtp string |
| gtp in gtp | ||
gtpu-denied-log string |
| Enable/disable logging of denied GTP-U packets. | ||
gtpu-forwarded-log string |
| Enable/disable logging of forwarded GTP-U packets. | ||
gtpu-log-freq integer | Logging frequency of GTP-U packets. | |||
half-close-timeout integer | Half-close tunnel timeout (in seconds). | |||
half-open-timeout integer | Half-open tunnel timeout (in seconds). | |||
handover-group string | Handover SGSN group | |||
handover-group6 string | Handover SGSN/SGW IPv6 group. | |||
ie-allow-list-v0v1 string | IE allow list. | |||
ie-allow-list-v2 string | IE allow list. | |||
ie-remove-policy list / elements=string | no description | |||
id integer | ID. | |||
remove-ies list / elements=string |
| no description | ||
sgsn-addr string | SGSN address name. | |||
sgsn-addr6 string | SGSN IPv6 address name. | |||
ie-remover string |
| IE removal policy. | ||
ie-validation dictionary | no description | |||
apn-restriction string |
| Validate APN restriction. | ||
charging-gateway-addr string |
| Validate charging gateway address. | ||
charging-ID string |
| Validate charging ID. | ||
end-user-addr string |
| Validate end user address. | ||
gsn-addr string |
| Validate GSN address. | ||
imei string |
| Validate IMEI(SV). | ||
imsi string |
| Validate IMSI. | ||
mm-context string |
| Validate MM context. | ||
ms-tzone string |
| Validate MS time zone. | ||
ms-validated string |
| Validate MS validated. | ||
msisdn string |
| Validate MSISDN. | ||
nsapi string |
| Validate NSAPI. | ||
pdp-context string |
| Validate PDP context. | ||
qos-profile string |
| Validate Quality of Service(QoS) profile. | ||
rai string |
| Validate RAI. | ||
rat-type string |
| Validate RAT type. | ||
reordering-required string |
| Validate re-ordering required. | ||
selection-mode string |
| Validate selection mode. | ||
uli string |
| Validate user location information. | ||
ie-white-list-v0v1 string | IE white list. | |||
ie-white-list-v2 string | IE white list. | |||
imsi list / elements=string | no description | |||
action string |
| Action. | ||
apnmember string | APN member. | |||
id integer | ID. | |||
mcc-mnc string | MCC MNC. | |||
msisdn-prefix string | MSISDN prefix. | |||
selection-mode list / elements=string |
| no description | ||
imsi-filter string |
| imsi filter | ||
interface-notify string | overbilling interface | |||
invalid-reserved-field string |
| Invalid reserved field in GTP header | ||
invalid-sgsns-to-log string | Invalid SGSN group to be logged | |||
invalid-sgsns6-to-log string | Invalid SGSN IPv6 group to be logged. | |||
ip-filter string |
| IP filter for encapsulated traffic | ||
ip-policy list / elements=string | no description | |||
action string |
| Action. | ||
dstaddr string | Destination address name. | |||
dstaddr6 string | Destination IPv6 address name. | |||
id integer | ID. | |||
srcaddr string | Source address name. | |||
srcaddr6 string | Source IPv6 address name. | |||
log-freq integer | Logging frequency of GTP-C packets. | |||
log-gtpu-limit integer | the user data log limit (0-512 bytes) | |||
log-imsi-prefix string | IMSI prefix for selective logging. | |||
log-msisdn-prefix string | the msisdn prefix for selective logging | |||
max-message-length integer | max message length | |||
message-filter-v0v1 string | Message filter. | |||
message-filter-v2 string | Message filter. | |||
message-rate-limit dictionary | no description | |||
create-aa-pdp-request integer | Rate limit for create AA PDP context request (packets per second). | |||
create-aa-pdp-response integer | Rate limit for create AA PDP context response (packets per second). | |||
create-mbms-request integer | Rate limit for create MBMS context request (packets per second). | |||
create-mbms-response integer | Rate limit for create MBMS context response (packets per second). | |||
create-pdp-request integer | Rate limit for create PDP context request (packets per second). | |||
create-pdp-response integer | Rate limit for create PDP context response (packets per second). | |||
delete-aa-pdp-request integer | Rate limit for delete AA PDP context request (packets per second). | |||
delete-aa-pdp-response integer | Rate limit for delete AA PDP context response (packets per second). | |||
delete-mbms-request integer | Rate limit for delete MBMS context request (packets per second). | |||
delete-mbms-response integer | Rate limit for delete MBMS context response (packets per second). | |||
delete-pdp-request integer | Rate limit for delete PDP context request (packets per second). | |||
delete-pdp-response integer | Rate limit for delete PDP context response (packets per second). | |||
echo-reponse integer | Rate limit for echo response (packets per second). | |||
echo-request integer | Rate limit for echo requests (packets per second). | |||
error-indication integer | Rate limit for error indication (packets per second). | |||
failure-report-request integer | Rate limit for failure report request (packets per second). | |||
failure-report-response integer | Rate limit for failure report response (packets per second). | |||
fwd-reloc-complete-ack integer | Rate limit for forward relocation complete acknowledge (packets per second). | |||
fwd-relocation-complete integer | Rate limit for forward relocation complete (packets per second). | |||
fwd-relocation-request integer | Rate limit for forward relocation request (packets per second). | |||
fwd-relocation-response integer | Rate limit for forward relocation response (packets per second). | |||
fwd-srns-context integer | Rate limit for forward SRNS context (packets per second). | |||
fwd-srns-context-ack integer | Rate limit for forward SRNS context acknowledge (packets per second). | |||
g-pdu integer | Rate limit for G-PDU (packets per second). | |||
identification-request integer | Rate limit for identification request (packets per second). | |||
identification-response integer | Rate limit for identification response (packets per second). | |||
mbms-de-reg-request integer | Rate limit for MBMS de-registration request (packets per second). | |||
mbms-de-reg-response integer | Rate limit for MBMS de-registration response (packets per second). | |||
mbms-notify-rej-request integer | Rate limit for MBMS notification reject request (packets per second). | |||
mbms-notify-rej-response integer | Rate limit for MBMS notification reject response (packets per second). | |||
mbms-notify-request integer | Rate limit for MBMS notification request (packets per second). | |||
mbms-notify-response integer | Rate limit for MBMS notification response (packets per second). | |||
mbms-reg-request integer | Rate limit for MBMS registration request (packets per second). | |||
mbms-reg-response integer | Rate limit for MBMS registration response (packets per second). | |||
mbms-ses-start-request integer | Rate limit for MBMS session start request (packets per second). | |||
mbms-ses-start-response integer | Rate limit for MBMS session start response (packets per second). | |||
mbms-ses-stop-request integer | Rate limit for MBMS session stop request (packets per second). | |||
mbms-ses-stop-response integer | Rate limit for MBMS session stop response (packets per second). | |||
note-ms-request integer | Rate limit for note MS GPRS present request (packets per second). | |||
note-ms-response integer | Rate limit for note MS GPRS present response (packets per second). | |||
pdu-notify-rej-request integer | Rate limit for PDU notify reject request (packets per second). | |||
pdu-notify-rej-response integer | Rate limit for PDU notify reject response (packets per second). | |||
pdu-notify-request integer | Rate limit for PDU notify request (packets per second). | |||
pdu-notify-response integer | Rate limit for PDU notify response (packets per second). | |||
ran-info integer | Rate limit for RAN information relay (packets per second). | |||
relocation-cancel-request integer | Rate limit for relocation cancel request (packets per second). | |||
relocation-cancel-response integer | Rate limit for relocation cancel response (packets per second). | |||
send-route-request integer | Rate limit for send routing information for GPRS request (packets per second). | |||
send-route-response integer | Rate limit for send routing information for GPRS response (packets per second). | |||
sgsn-context-ack integer | Rate limit for SGSN context acknowledgement (packets per second). | |||
sgsn-context-request integer | Rate limit for SGSN context request (packets per second). | |||
sgsn-context-response integer | Rate limit for SGSN context response (packets per second). | |||
support-ext-hdr-notify integer | Rate limit for support extension headers notification (packets per second). | |||
update-mbms-request integer | Rate limit for update MBMS context request (packets per second). | |||
update-mbms-response integer | Rate limit for update MBMS context response (packets per second). | |||
update-pdp-request integer | Rate limit for update PDP context request (packets per second). | |||
update-pdp-response integer | Rate limit for update PDP context response (packets per second). | |||
version-not-support integer | Rate limit for version not supported (packets per second). | |||
message-rate-limit-v0 dictionary | no description | |||
create-pdp-request integer | Rate limit (packets/s) for create PDP context request. | |||
delete-pdp-request integer | Rate limit (packets/s) for delete PDP context request. | |||
echo-request integer | Rate limit (packets/s) for echo request. | |||
message-rate-limit-v1 dictionary | no description | |||
create-pdp-request integer | Rate limit (packets/s) for create PDP context request. | |||
delete-pdp-request integer | Rate limit (packets/s) for delete PDP context request. | |||
echo-request integer | Rate limit (packets/s) for echo request. | |||
message-rate-limit-v2 dictionary | no description | |||
create-session-request integer | Rate limit (packets/s) for create session request. | |||
delete-session-request integer | Rate limit (packets/s) for delete session request. | |||
echo-request integer | Rate limit (packets/s) for echo request. | |||
min-message-length integer | min message length | |||
miss-must-ie string |
| Missing mandatory information element | ||
monitor-mode string |
| GTP monitor mode | ||
name string | Profile name. | |||
noip-filter string |
| non-IP filter for encapsulated traffic | ||
noip-policy list / elements=string | no description | |||
action string |
| Action. | ||
end integer | End of protocol range (0 - 255). | |||
id integer | ID. | |||
start integer | Start of protocol range (0 - 255). | |||
type string |
| Protocol field type. | ||
out-of-state-ie string |
| Out of state information element. | ||
out-of-state-message string |
| Out of state GTP message | ||
per-apn-shaper list / elements=string | no description | |||
apn string | APN name. | |||
id integer | ID. | |||
rate-limit integer | Rate limit (packets/s) for create PDP context request. | |||
version integer | GTP version number: 0 or 1. | |||
policy list / elements=string | no description | |||
action string |
| Action. | ||
apn-sel-mode list / elements=string |
| no description | ||
apnmember string | APN member. | |||
id integer | ID. | |||
imei string | IMEI(SV) pattern. | |||
imsi string | IMSI prefix. | |||
imsi-prefix string | IMSI prefix. | |||
max-apn-restriction string |
| Maximum APN restriction value. | ||
messages list / elements=string |
| no description | ||
msisdn string | MSISDN prefix. | |||
msisdn-prefix string | MSISDN prefix. | |||
rai string | RAI pattern. | |||
rat-type list / elements=string |
| no description | ||
uli string | ULI pattern. | |||
policy-filter string |
| Advanced policy filter | ||
policy-v2 list / elements=string | no description | |||
action string |
| Action. | ||
apn-sel-mode list / elements=string |
| no description | ||
apnmember string | APN member. | |||
id integer | ID. | |||
imsi-prefix string | IMSI prefix. | |||
max-apn-restriction string |
| Maximum APN restriction value. | ||
mei string | MEI pattern. | |||
messages list / elements=string |
| no description | ||
msisdn-prefix string | MSISDN prefix. | |||
rat-type list / elements=string |
| no description | ||
uli string | no description | |||
port-notify integer | overbilling notify port | |||
rate-limit-mode string |
| GTP rate limit mode. | ||
rate-limited-log string |
| log rate limited | ||
rate-sampling-interval integer | rate sampling interval (1-3600 seconds) | |||
remove-if-echo-expires string |
| remove if echo response expires | ||
remove-if-recovery-differ string |
| remove upon different Recovery IE | ||
reserved-ie string |
| reserved information element | ||
send-delete-when-timeout string |
| send DELETE request to path endpoints when GTPv0/v1 tunnel timeout. | ||
send-delete-when-timeout-v2 string |
| send DELETE request to path endpoints when GTPv2 tunnel timeout. | ||
spoof-src-addr string |
| Spoofed source address for Mobile Station. | ||
state-invalid-log string |
| log state invalid | ||
sub-second-interval string |
| Sub-second interval (0.1, 0.25, or 0.5 sec, default = 0.5). | ||
sub-second-sampling string |
| Enable/disable sub-second sampling. | ||
traffic-count-log string |
| log tunnel traffic counter | ||
tunnel-limit integer | tunnel limit | |||
tunnel-limit-log string |
| tunnel limit | ||
tunnel-timeout integer | Established tunnel timeout (in seconds). | |||
unknown-version-action string |
| action for unknown gtp version | ||
user-plane-message-rate-limit integer | user plane message rate limit | |||
warning-threshold integer | Warning threshold for rate limiting (0 - 99 percent). | |||
proposed_method string |
| The overridden method for the underlying Json RPC request | ||
rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overridden | |||
rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overridden | |||
state string / required |
| the directive to create, update or delete an object | ||
workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | |||
workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for another user to release the workspace lock |
Note
```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False disables verification of the FortiManager TLS certificate
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure GTP.
      fmgr_firewall_gtp:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        firewall_gtp:
          addr-notify: <value of string>
          apn:
            - action: <value in [allow, deny]>
              apnmember: <value of string>
              id: <value of integer>
              selection-mode:
                - ms
                - net
                - vrf
          apn-filter: <value in [disable, enable]>
          authorized-ggsns: <value of string>
          authorized-sgsns: <value of string>
          comment: <value of string>
          context-id: <value of integer>
          control-plane-message-rate-limit: <value of integer>
          default-apn-action: <value in [allow, deny]>
          default-imsi-action: <value in [allow, deny]>
          default-ip-action: <value in [allow, deny]>
          default-noip-action: <value in [allow, deny]>
          default-policy-action: <value in [allow, deny]>
          denied-log: <value in [disable, enable]>
          echo-request-interval: <value of integer>
          extension-log: <value in [disable, enable]>
          forwarded-log: <value in [disable, enable]>
          global-tunnel-limit: <value of string>
          gtp-in-gtp: <value in [allow, deny]>
          gtpu-denied-log: <value in [disable, enable]>
          gtpu-forwarded-log: <value in [disable, enable]>
          gtpu-log-freq: <value of integer>
          half-close-timeout: <value of integer>
          half-open-timeout: <value of integer>
          handover-group: <value of string>
          ie-remove-policy:
            - id: <value of integer>
              remove-ies:
                - apn-restriction
                - rat-type
                - rai
                - uli
                - imei
              sgsn-addr: <value of string>
              sgsn-addr6: <value of string>
          ie-remover: <value in [disable, enable]>
          ie-white-list-v0v1: <value of string>
          ie-white-list-v2: <value of string>
          imsi:
            - action: <value in [allow, deny]>
              apnmember: <value of string>
              id: <value of integer>
              mcc-mnc: <value of string>
              msisdn-prefix: <value of string>
              selection-mode:
                - ms
                - net
                - vrf
          imsi-filter: <value in [disable, enable]>
          interface-notify: <value of string>
          invalid-reserved-field: <value in [allow, deny]>
          invalid-sgsns-to-log: <value of string>
          ip-filter: <value in [disable, enable]>
          ip-policy:
            - action: <value in [allow, deny]>
              dstaddr: <value of string>
              id: <value of integer>
              srcaddr: <value of string>
              dstaddr6: <value of string>
              srcaddr6: <value of string>
          log-freq: <value of integer>
          log-gtpu-limit: <value of integer>
          log-imsi-prefix: <value of string>
          log-msisdn-prefix: <value of string>
          max-message-length: <value of integer>
          message-filter-v0v1: <value of string>
          message-filter-v2: <value of string>
          min-message-length: <value of integer>
          miss-must-ie: <value in [allow, deny]>
          monitor-mode: <value in [disable, enable, vdom]>
          name: <value of string>
          noip-filter: <value in [disable, enable]>
          noip-policy:
            - action: <value in [allow, deny]>
              end: <value of integer>
              id: <value of integer>
              start: <value of integer>
              type: <value in [etsi, ietf]>
          out-of-state-ie: <value in [allow, deny]>
          out-of-state-message: <value in [allow, deny]>
          per-apn-shaper:
            - apn: <value of string>
              id: <value of integer>
              rate-limit: <value of integer>
              version: <value of integer>
          policy:
            - action: <value in [allow, deny]>
              apn-sel-mode:
                - ms
                - net
                - vrf
              apnmember: <value of string>
              id: <value of integer>
              imei: <value of string>
              imsi: <value of string>
              max-apn-restriction: <value in [all, public-1, public-2, ...]>
              messages:
                - create-req
                - create-res
                - update-req
                - update-res
              msisdn: <value of string>
              rai: <value of string>
              rat-type:
                - any
                - utran
                - geran
                - wlan
                - gan
                - hspa
                - eutran
                - virtual
                - nbiot
              uli: <value of string>
              imsi-prefix: <value of string>
              msisdn-prefix: <value of string>
          policy-filter: <value in [disable, enable]>
          port-notify: <value of integer>
          rate-limit-mode: <value in [per-profile, per-stream, per-apn]>
          rate-limited-log: <value in [disable, enable]>
          rate-sampling-interval: <value of integer>
          remove-if-echo-expires: <value in [disable, enable]>
          remove-if-recovery-differ: <value in [disable, enable]>
          reserved-ie: <value in [allow, deny]>
          send-delete-when-timeout: <value in [disable, enable]>
          send-delete-when-timeout-v2: <value in [disable, enable]>
          spoof-src-addr: <value in [allow, deny]>
          state-invalid-log: <value in [disable, enable]>
          traffic-count-log: <value in [disable, enable]>
          tunnel-limit: <value of integer>
          tunnel-limit-log: <value in [disable, enable]>
          tunnel-timeout: <value of integer>
          unknown-version-action: <value in [allow, deny]>
          user-plane-message-rate-limit: <value of integer>
          warning-threshold: <value of integer>
          policy-v2:
            - action: <value in [deny, allow]>
              apn-sel-mode:
                - ms
                - net
                - vrf
              apnmember: <value of string>
              id: <value of integer>
              imsi-prefix: <value of string>
              max-apn-restriction: <value in [all, public-1, public-2, ...]>
              mei: <value of string>
              messages:
                - create-ses-req
                - create-ses-res
                - modify-bearer-req
                - modify-bearer-res
              msisdn-prefix: <value of string>
              rat-type:
                - any
                - utran
                - geran
                - wlan
                - gan
                - hspa
                - eutran
                - virtual
                - nbiot
                - ltem
                - nr
              uli: <value of string>
          sub-second-interval: <value in [0.1, 0.25, 0.5]>
          sub-second-sampling: <value in [disable, enable]>
          authorized-ggsns6: <value of string>
          authorized-sgsns6: <value of string>
          handover-group6: <value of string>
          invalid-sgsns6-to-log: <value of string>
          ie-validation:
            apn-restriction: <value in [disable, enable]>
            charging-ID: <value in [disable, enable]>
            charging-gateway-addr: <value in [disable, enable]>
            end-user-addr: <value in [disable, enable]>
            gsn-addr: <value in [disable, enable]>
            imei: <value in [disable, enable]>
            imsi: <value in [disable, enable]>
            mm-context: <value in [disable, enable]>
            ms-tzone: <value in [disable, enable]>
            ms-validated: <value in [disable, enable]>
            msisdn: <value in [disable, enable]>
            nsapi: <value in [disable, enable]>
            pdp-context: <value in [disable, enable]>
            qos-profile: <value in [disable, enable]>
            rai: <value in [disable, enable]>
            rat-type: <value in [disable, enable]>
            reordering-required: <value in [disable, enable]>
            selection-mode: <value in [disable, enable]>
            uli: <value in [disable, enable]>
          message-rate-limit:
            create-aa-pdp-request: <value of integer>
            create-aa-pdp-response: <value of integer>
            create-mbms-request: <value of integer>
            create-mbms-response: <value of integer>
            create-pdp-request: <value of integer>
            create-pdp-response: <value of integer>
            delete-aa-pdp-request: <value of integer>
            delete-aa-pdp-response: <value of integer>
            delete-mbms-request: <value of integer>
            delete-mbms-response: <value of integer>
            delete-pdp-request: <value of integer>
            delete-pdp-response: <value of integer>
            echo-reponse: <value of integer>
            echo-request: <value of integer>
            error-indication: <value of integer>
            failure-report-request: <value of integer>
            failure-report-response: <value of integer>
            fwd-reloc-complete-ack: <value of integer>
            fwd-relocation-complete: <value of integer>
            fwd-relocation-request: <value of integer>
            fwd-relocation-response: <value of integer>
            fwd-srns-context: <value of integer>
            fwd-srns-context-ack: <value of integer>
            g-pdu: <value of integer>
            identification-request: <value of integer>
            identification-response: <value of integer>
            mbms-de-reg-request: <value of integer>
            mbms-de-reg-response: <value of integer>
            mbms-notify-rej-request: <value of integer>
            mbms-notify-rej-response: <value of integer>
            mbms-notify-request: <value of integer>
            mbms-notify-response: <value of integer>
            mbms-reg-request: <value of integer>
            mbms-reg-response: <value of integer>
            mbms-ses-start-request: <value of integer>
            mbms-ses-start-response: <value of integer>
            mbms-ses-stop-request: <value of integer>
            mbms-ses-stop-response: <value of integer>
            note-ms-request: <value of integer>
            note-ms-response: <value of integer>
            pdu-notify-rej-request: <value of integer>
            pdu-notify-rej-response: <value of integer>
            pdu-notify-request: <value of integer>
            pdu-notify-response: <value of integer>
            ran-info: <value of integer>
            relocation-cancel-request: <value of integer>
            relocation-cancel-response: <value of integer>
            send-route-request: <value of integer>
            send-route-response: <value of integer>
            sgsn-context-ack: <value of integer>
            sgsn-context-request: <value of integer>
            sgsn-context-response: <value of integer>
            support-ext-hdr-notify: <value of integer>
            update-mbms-request: <value of integer>
            update-mbms-response: <value of integer>
            update-pdp-request: <value of integer>
            update-pdp-response: <value of integer>
            version-not-support: <value of integer>
          message-rate-limit-v0:
            create-pdp-request: <value of integer>
            delete-pdp-request: <value of integer>
            echo-request: <value of integer>
          message-rate-limit-v1:
            create-pdp-request: <value of integer>
            delete-pdp-request: <value of integer>
            echo-request: <value of integer>
          message-rate-limit-v2:
            create-session-request: <value of integer>
            delete-session-request: <value of integer>
            echo-request: <value of integer>
          ie-allow-list-v0v1: <value of string>
          ie-allow-list-v2: <value of string>
```
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
request_url string | always | The full url requested Sample: /sys/login/user |
response_code integer | always | The status of api request |
response_message string | always | The descriptive message of the api response Sample: OK. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_firewall_gtp_module.html