Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_voip_profile.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | |||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
| password string | Default: "" | FortiOS or FortiGate password. | ||
| ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | ||
| state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
| username string | FortiOS or FortiGate username. | |||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
| voip_profile dictionary | Configure VoIP profiles. | |||
| comment string | Comment. | |||
| name string / required | Profile name. | |||
| sccp dictionary | SCCP. | |||
| block_mcast string |
| Enable/disable block multicast RTP connections. | ||
| log_call_summary string |
| Enable/disable log summary of SCCP calls. | ||
| log_violations string |
| Enable/disable logging of SCCP violations. | ||
| max_calls integer | Maximum calls per minute per SCCP client (max 65535). | |||
| status string |
| Enable/disable SCCP. | ||
| verify_header string |
| Enable/disable verify SCCP header content. | ||
| sip dictionary | SIP. | |||
| ack_rate integer | ACK request rate limit (per second, per policy). | |||
| block_ack string |
| Enable/disable block ACK requests. | ||
| block_bye string |
| Enable/disable block BYE requests. | ||
| block_cancel string |
| Enable/disable block CANCEL requests. | ||
| block_geo_red_options string |
| Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. | ||
| block_info string |
| Enable/disable block INFO requests. | ||
| block_invite string |
| Enable/disable block INVITE requests. | ||
| block_long_lines string |
| Enable/disable block requests with headers exceeding max-line-length. | ||
| block_message string |
| Enable/disable block MESSAGE requests. | ||
| block_notify string |
| Enable/disable block NOTIFY requests. | ||
| block_options string |
| Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. | ||
| block_prack string |
| Enable/disable block prack requests. | ||
| block_publish string |
| Enable/disable block PUBLISH requests. | ||
| block_refer string |
| Enable/disable block REFER requests. | ||
| block_register string |
| Enable/disable block REGISTER requests. | ||
| block_subscribe string |
| Enable/disable block SUBSCRIBE requests. | ||
| block_unknown string |
| Block unrecognized SIP requests (enabled by default). | ||
| block_update string |
| Enable/disable block UPDATE requests. | ||
| bye_rate integer | BYE request rate limit (per second, per policy). | |||
| call_keepalive integer | Continue tracking calls with no RTP for this many minutes. | |||
| cancel_rate integer | CANCEL request rate limit (per second, per policy). | |||
| contact_fixup string |
| Fixup contact anyway even if contact"s IP:port doesn"t match session"s IP:port. | ||
| hnt_restrict_source_ip string |
| Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. | ||
| hosted_nat_traversal string |
| Hosted NAT Traversal (HNT). | ||
| info_rate integer | INFO request rate limit (per second, per policy). | |||
| invite_rate integer | INVITE request rate limit (per second, per policy). | |||
| ips_rtp string |
| Enable/disable allow IPS on RTP. | ||
| log_call_summary string |
| Enable/disable logging of SIP call summary. | ||
| log_violations string |
| Enable/disable logging of SIP violations. | ||
| malformed_header_allow string |
| Action for malformed Allow header. | ||
| malformed_header_call_id string |
| Action for malformed Call-ID header. | ||
| malformed_header_contact string |
| Action for malformed Contact header. | ||
| malformed_header_content_length string |
| Action for malformed Content-Length header. | ||
| malformed_header_content_type string |
| Action for malformed Content-Type header. | ||
| malformed_header_cseq string |
| Action for malformed CSeq header. | ||
| malformed_header_expires string |
| Action for malformed Expires header. | ||
| malformed_header_from string |
| Action for malformed From header. | ||
| malformed_header_max_forwards string |
| Action for malformed Max-Forwards header. | ||
| malformed_header_p_asserted_identity string |
| Action for malformed P-Asserted-Identity header. | ||
| malformed_header_rack string |
| Action for malformed RAck header. | ||
| malformed_header_record_route string |
| Action for malformed Record-Route header. | ||
| malformed_header_route string |
| Action for malformed Route header. | ||
| malformed_header_rseq string |
| Action for malformed RSeq header. | ||
| malformed_header_sdp_a string |
| Action for malformed SDP a line. | ||
| malformed_header_sdp_b string |
| Action for malformed SDP b line. | ||
| malformed_header_sdp_c string |
| Action for malformed SDP c line. | ||
| malformed_header_sdp_i string |
| Action for malformed SDP i line. | ||
| malformed_header_sdp_k string |
| Action for malformed SDP k line. | ||
| malformed_header_sdp_m string |
| Action for malformed SDP m line. | ||
| malformed_header_sdp_o string |
| Action for malformed SDP o line. | ||
| malformed_header_sdp_r string |
| Action for malformed SDP r line. | ||
| malformed_header_sdp_s string |
| Action for malformed SDP s line. | ||
| malformed_header_sdp_t string |
| Action for malformed SDP t line. | ||
| malformed_header_sdp_v string |
| Action for malformed SDP v line. | ||
| malformed_header_sdp_z string |
| Action for malformed SDP z line. | ||
| malformed_header_to string |
| Action for malformed To header. | ||
| malformed_header_via string |
| Action for malformed VIA header. | ||
| malformed_request_line string |
| Action for malformed request line. | ||
| max_body_length integer | Maximum SIP message body length (0 meaning no limit). | |||
| max_dialogs integer | Maximum number of concurrent calls/dialogs (per policy). | |||
| max_idle_dialogs integer | Maximum number established but idle dialogs to retain (per policy). | |||
| max_line_length integer | Maximum SIP header line length (78-4096). | |||
| message_rate integer | MESSAGE request rate limit (per second, per policy). | |||
| nat_trace string |
| Enable/disable preservation of original IP in SDP i line. | ||
| no_sdp_fixup string |
| Enable/disable no SDP fix-up. | ||
| notify_rate integer | NOTIFY request rate limit (per second, per policy). | |||
| open_contact_pinhole string |
| Enable/disable open pinhole for non-REGISTER Contact port. | ||
| open_record_route_pinhole string |
| Enable/disable open pinhole for Record-Route port. | ||
| open_register_pinhole string |
| Enable/disable open pinhole for REGISTER Contact port. | ||
| open_via_pinhole string |
| Enable/disable open pinhole for Via port. | ||
| options_rate integer | OPTIONS request rate limit (per second, per policy). | |||
| prack_rate integer | PRACK request rate limit (per second, per policy). | |||
| preserve_override string |
| Override i line to preserve original IPS . | ||
| provisional_invite_expiry_time integer | Expiry time for provisional INVITE (10 - 3600 sec). | |||
| publish_rate integer | PUBLISH request rate limit (per second, per policy). | |||
| refer_rate integer | REFER request rate limit (per second, per policy). | |||
| register_contact_trace string |
| Enable/disable trace original IP/port within the contact header of REGISTER requests. | ||
| register_rate integer | REGISTER request rate limit (per second, per policy). | |||
| rfc2543_branch string |
| Enable/disable support via branch compliant with RFC 2543. | ||
| rtp string |
| Enable/disable create pinholes for RTP traffic to traverse firewall. | ||
| ssl_algorithm string |
| Relative strength of encryption algorithms accepted in negotiation. | ||
| ssl_auth_client string | Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name. | |||
| ssl_auth_server string | Authenticate the server"s certificate with the peer/peergrp. Source user.peer.name user.peergrp.name. | |||
| ssl_client_certificate string | Name of Certificate to offer to server if requested. Source vpn.certificate.local.name. | |||
| ssl_client_renegotiation string |
| Allow/block client renegotiation by server. | ||
| ssl_max_version string |
| Highest SSL/TLS version to negotiate. | ||
| ssl_min_version string |
| Lowest SSL/TLS version to negotiate. | ||
| ssl_mode string |
| SSL/TLS mode for encryption & decryption of traffic. | ||
| ssl_pfs string |
| SSL Perfect Forward Secrecy. | ||
| ssl_send_empty_frags string |
| Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). | ||
| ssl_server_certificate string | Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name. | |||
| status string |
| Enable/disable SIP. | ||
| strict_register string |
| Enable/disable only allow the registrar to connect. | ||
| subscribe_rate integer | SUBSCRIBE request rate limit (per second, per policy). | |||
| unknown_header string |
| Action for unknown SIP header. | ||
| update_rate integer | UPDATE request rate limit (per second, per policy). | |||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VoIP profiles.
fortios_voip_profile:
vdom: "{{ vdom }}"
state: "present"
voip_profile:
comment: "Comment."
name: "default_name_4"
sccp:
block_mcast: "disable"
log_call_summary: "disable"
log_violations: "disable"
max_calls: "9"
status: "disable"
verify_header: "disable"
sip:
ack_rate: "13"
block_ack: "disable"
block_bye: "disable"
block_cancel: "disable"
block_geo_red_options: "disable"
block_info: "disable"
block_invite: "disable"
block_long_lines: "disable"
block_message: "disable"
block_notify: "disable"
block_options: "disable"
block_prack: "disable"
block_publish: "disable"
block_refer: "disable"
block_register: "disable"
block_subscribe: "disable"
block_unknown: "disable"
block_update: "disable"
bye_rate: "31"
call_keepalive: "32"
cancel_rate: "33"
contact_fixup: "disable"
hnt_restrict_source_ip: "disable"
hosted_nat_traversal: "disable"
info_rate: "37"
invite_rate: "38"
ips_rtp: "disable"
log_call_summary: "disable"
log_violations: "disable"
malformed_header_allow: "discard"
malformed_header_call_id: "discard"
malformed_header_contact: "discard"
malformed_header_content_length: "discard"
malformed_header_content_type: "discard"
malformed_header_cseq: "discard"
malformed_header_expires: "discard"
malformed_header_from: "discard"
malformed_header_max_forwards: "discard"
malformed_header_p_asserted_identity: "discard"
malformed_header_rack: "discard"
malformed_header_record_route: "discard"
malformed_header_route: "discard"
malformed_header_rseq: "discard"
malformed_header_sdp_a: "discard"
malformed_header_sdp_b: "discard"
malformed_header_sdp_c: "discard"
malformed_header_sdp_i: "discard"
malformed_header_sdp_k: "discard"
malformed_header_sdp_m: "discard"
malformed_header_sdp_o: "discard"
malformed_header_sdp_r: "discard"
malformed_header_sdp_s: "discard"
malformed_header_sdp_t: "discard"
malformed_header_sdp_v: "discard"
malformed_header_sdp_z: "discard"
malformed_header_to: "discard"
malformed_header_via: "discard"
malformed_request_line: "discard"
max_body_length: "71"
max_dialogs: "72"
max_idle_dialogs: "73"
max_line_length: "74"
message_rate: "75"
nat_trace: "disable"
no_sdp_fixup: "disable"
notify_rate: "78"
open_contact_pinhole: "disable"
open_record_route_pinhole: "disable"
open_register_pinhole: "disable"
open_via_pinhole: "disable"
options_rate: "83"
prack_rate: "84"
preserve_override: "disable"
provisional_invite_expiry_time: "86"
publish_rate: "87"
refer_rate: "88"
register_contact_trace: "disable"
register_rate: "90"
rfc2543_branch: "disable"
rtp: "disable"
ssl_algorithm: "high"
ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl_client_renegotiation: "allow"
ssl_max_version: "ssl-3.0"
ssl_min_version: "ssl-3.0"
ssl_mode: "off"
ssl_pfs: "require"
ssl_send_empty_frags: "enable"
ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
status: "disable"
strict_register: "disable"
subscribe_rate: "106"
unknown_header: "discard"
update_rate: "108"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_voip_profile_module.html