community.fortios.fmgr_secprof_voip – VOIP security profiles in FMG
community.fortios.fmgr_secprof_voip – VOIP security profiles in FMG
Note
This plugin is part of the community.fortios collection (version 1.0.0).
To install it use: ansible-galaxy collection install community.fortios.
To use it in a playbook, specify: community.fortios.fmgr_secprof_voip.
Synopsis
- Manage VOIP security profiles in FortiManager via API
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
adom string |
Default: "root" |
The ADOM the configuration should belong to. |
|
comment string |
Comment. | |
|
mode string |
|
Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values |
|
name string |
Profile name. | |
|
sccp string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
sccp_block_mcast string |
|
Enable/disable block multicast RTP connections. choice | disable | Disable status. choice | enable | Enable status. |
|
sccp_log_call_summary string |
|
Enable/disable log summary of SCCP calls. choice | disable | Disable status. choice | enable | Enable status. |
|
sccp_log_violations string |
|
Enable/disable logging of SCCP violations. choice | disable | Disable status. choice | enable | Enable status. |
|
sccp_max_calls string |
Maximum calls per minute per SCCP client (max 65535). | |
|
sccp_status string |
|
Enable/disable SCCP. choice | disable | Disable status. choice | enable | Enable status. |
|
sccp_verify_header string |
|
Enable/disable verify SCCP header content. choice | disable | Disable status. choice | enable | Enable status. |
|
sip string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
sip_ack_rate string |
ACK request rate limit (per second, per policy). | |
|
sip_block_ack string |
|
Enable/disable block ACK requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_bye string |
|
Enable/disable block BYE requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_cancel string |
|
Enable/disable block CANCEL requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_geo_red_options string |
|
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_info string |
|
Enable/disable block INFO requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_invite string |
|
Enable/disable block INVITE requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_long_lines string |
|
Enable/disable block requests with headers exceeding max-line-length. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_message string |
|
Enable/disable block MESSAGE requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_notify string |
|
Enable/disable block NOTIFY requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_options string |
|
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_prack string |
|
Enable/disable block prack requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_publish string |
|
Enable/disable block PUBLISH requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_refer string |
|
Enable/disable block REFER requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_register string |
|
Enable/disable block REGISTER requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_subscribe string |
|
Enable/disable block SUBSCRIBE requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_unknown string |
|
Block unrecognized SIP requests (enabled by default). choice | disable | Disable status. choice | enable | Enable status. |
|
sip_block_update string |
|
Enable/disable block UPDATE requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_bye_rate string |
BYE request rate limit (per second, per policy). | |
|
sip_call_keepalive string |
Continue tracking calls with no RTP for this many minutes. | |
|
sip_cancel_rate string |
CANCEL request rate limit (per second, per policy). | |
|
sip_contact_fixup string |
|
Fixup contact anyway even if contact's IP|port doesn't match session's IP|port. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_hnt_restrict_source_ip string |
|
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_hosted_nat_traversal string |
|
Hosted NAT Traversal (HNT). choice | disable | Disable status. choice | enable | Enable status. |
|
sip_info_rate string |
INFO request rate limit (per second, per policy). | |
|
sip_invite_rate string |
INVITE request rate limit (per second, per policy). | |
|
sip_ips_rtp string |
|
Enable/disable allow IPS on RTP. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_log_call_summary string |
|
Enable/disable logging of SIP call summary. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_log_violations string |
|
Enable/disable logging of SIP violations. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_malformed_header_allow string |
|
Action for malformed Allow header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_call_id string |
|
Action for malformed Call-ID header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_contact string |
|
Action for malformed Contact header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_content_length string |
|
Action for malformed Content-Length header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_content_type string |
|
Action for malformed Content-Type header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_cseq string |
|
Action for malformed CSeq header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_expires string |
|
Action for malformed Expires header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_from string |
|
Action for malformed From header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_max_forwards string |
|
Action for malformed Max-Forwards header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_p_asserted_identity string |
|
Action for malformed P-Asserted-Identity header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_rack string |
|
Action for malformed RAck header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_record_route string |
|
Action for malformed Record-Route header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_route string |
|
Action for malformed Route header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_rseq string |
|
Action for malformed RSeq header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_a string |
|
Action for malformed SDP a line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_b string |
|
Action for malformed SDP b line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_c string |
|
Action for malformed SDP c line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_i string |
|
Action for malformed SDP i line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_k string |
|
Action for malformed SDP k line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_m string |
|
Action for malformed SDP m line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_o string |
|
Action for malformed SDP o line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_r string |
|
Action for malformed SDP r line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_s string |
|
Action for malformed SDP s line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_t string |
|
Action for malformed SDP t line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_v string |
|
Action for malformed SDP v line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_sdp_z string |
|
Action for malformed SDP z line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_to string |
|
Action for malformed To header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_header_via string |
|
Action for malformed VIA header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_malformed_request_line string |
|
Action for malformed request line. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_max_body_length string |
Maximum SIP message body length (0 meaning no limit). | |
|
sip_max_dialogs string |
Maximum number of concurrent calls/dialogs (per policy). | |
|
sip_max_idle_dialogs string |
Maximum number established but idle dialogs to retain (per policy). | |
|
sip_max_line_length string |
Maximum SIP header line length (78-4096). | |
|
sip_message_rate string |
MESSAGE request rate limit (per second, per policy). | |
|
sip_nat_trace string |
|
Enable/disable preservation of original IP in SDP i line. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_no_sdp_fixup string |
|
Enable/disable no SDP fix-up. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_notify_rate string |
NOTIFY request rate limit (per second, per policy). | |
|
sip_open_contact_pinhole string |
|
Enable/disable open pinhole for non-REGISTER Contact port. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_open_record_route_pinhole string |
|
Enable/disable open pinhole for Record-Route port. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_open_register_pinhole string |
|
Enable/disable open pinhole for REGISTER Contact port. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_open_via_pinhole string |
|
Enable/disable open pinhole for Via port. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_options_rate string |
OPTIONS request rate limit (per second, per policy). | |
|
sip_prack_rate string |
PRACK request rate limit (per second, per policy). | |
|
sip_preserve_override string |
|
Override i line to preserve original IPS (default| append). choice | disable | Disable status. choice | enable | Enable status. |
|
sip_provisional_invite_expiry_time string |
Expiry time for provisional INVITE (10 - 3600 sec). | |
|
sip_publish_rate string |
PUBLISH request rate limit (per second, per policy). | |
|
sip_refer_rate string |
REFER request rate limit (per second, per policy). | |
|
sip_register_contact_trace string |
|
Enable/disable trace original IP/port within the contact header of REGISTER requests. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_register_rate string |
REGISTER request rate limit (per second, per policy). | |
|
sip_rfc2543_branch string |
|
Enable/disable support via branch compliant with RFC 2543. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_rtp string |
|
Enable/disable create pinholes for RTP traffic to traverse firewall. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_ssl_algorithm string |
|
Relative strength of encryption algorithms accepted in negotiation. choice | high | High encryption. Allow only AES and ChaCha. choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4. choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
|
sip_ssl_auth_client string |
Require a client certificate and authenticate it with the peer/peergrp. | |
|
sip_ssl_auth_server string |
Authenticate the server's certificate with the peer/peergrp. | |
|
sip_ssl_client_certificate string |
Name of Certificate to offer to server if requested. | |
|
sip_ssl_client_renegotiation string |
|
Allow/block client renegotiation by server. choice | allow | Allow a SSL client to renegotiate. choice | deny | Abort any SSL connection that attempts to renegotiate. choice | secure | Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication. |
|
sip_ssl_max_version string |
|
Highest SSL/TLS version to negotiate. choice | ssl-3.0 | SSL 3.0. choice | tls-1.0 | TLS 1.0. choice | tls-1.1 | TLS 1.1. choice | tls-1.2 | TLS 1.2. |
|
sip_ssl_min_version string |
|
Lowest SSL/TLS version to negotiate. choice | ssl-3.0 | SSL 3.0. choice | tls-1.0 | TLS 1.0. choice | tls-1.1 | TLS 1.1. choice | tls-1.2 | TLS 1.2. |
|
sip_ssl_mode string |
|
SSL/TLS mode for encryption & decryption of traffic. choice | off | No SSL. choice | full | Client to FortiGate and FortiGate to Server SSL. |
|
sip_ssl_pfs string |
|
SSL Perfect Forward Secrecy. choice | require | PFS mandatory. choice | deny | PFS rejected. choice | allow | PFS allowed. |
|
sip_ssl_send_empty_frags string |
|
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). choice | disable | Do not send empty fragments. choice | enable | Send empty fragments. |
|
sip_ssl_server_certificate string |
Name of Certificate return to the client in every SSL connection. | |
|
sip_status string |
|
Enable/disable SIP. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_strict_register string |
|
Enable/disable only allow the registrar to connect. choice | disable | Disable status. choice | enable | Enable status. |
|
sip_subscribe_rate string |
SUBSCRIBE request rate limit (per second, per policy). | |
|
sip_unknown_header string |
|
Action for unknown SIP header. choice | pass | Bypass malformed messages. choice | discard | Discard malformed messages. choice | respond | Respond with error code. |
|
sip_update_rate string |
UPDATE request rate limit (per second, per policy). |
Notes
Examples
- name: DELETE Profile
community.fortios.fmgr_secprof_voip:
name: "Ansible_VOIP_Profile"
mode: "delete"
- name: Create FMGR_VOIP_PROFILE
community.fortios.fmgr_secprof_voip:
mode: "set"
adom: "root"
name: "Ansible_VOIP_Profile"
comment: "Created by Ansible"
sccp: {block-mcast: "enable", log-call-summary: "enable", log-violations: "enable", status: "enable"}Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
api_result string |
always |
full API response, includes status code and message
|
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/fortios/fmgr_secprof_voip_module.html
