fortinet.fortimanager.fmgr_voip_profile_sip – SIP.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.0.1).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_voip_profile_sip.

New in version 2.10: of fortinet.fortimanager

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter		Choices/Defaults	Comments
adom string / required			the parameter (adom) in requested url
bypass_validation boolean		no ← yes	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
profile string / required			the parameter (profile) in requested url
rc_failed list / elements=string			the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string			the rc codes list with which the conditions to succeed will be overriden
state string / required		present absent	the directive to create, update or delete an object
voip_profile_sip dictionary			the top level parameters set
	ack-rate integer		ACK request rate limit (per second, per policy).
	block-ack string	disable enable	Enable/disable block ACK requests.
	block-bye string	disable enable	Enable/disable block BYE requests.
	block-cancel string	disable enable	Enable/disable block CANCEL requests.
	block-geo-red-options string	disable enable	Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
	block-info string	disable enable	Enable/disable block INFO requests.
	block-invite string	disable enable	Enable/disable block INVITE requests.
	block-long-lines string	disable enable	Enable/disable block requests with headers exceeding max-line-length.
	block-message string	disable enable	Enable/disable block MESSAGE requests.
	block-notify string	disable enable	Enable/disable block NOTIFY requests.
	block-options string	disable enable	Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
	block-prack string	disable enable	Enable/disable block prack requests.
	block-publish string	disable enable	Enable/disable block PUBLISH requests.
	block-refer string	disable enable	Enable/disable block REFER requests.
	block-register string	disable enable	Enable/disable block REGISTER requests.
	block-subscribe string	disable enable	Enable/disable block SUBSCRIBE requests.
	block-unknown string	disable enable	Block unrecognized SIP requests (enabled by default).
	block-update string	disable enable	Enable/disable block UPDATE requests.
	bye-rate integer		BYE request rate limit (per second, per policy).
	call-keepalive integer		Continue tracking calls with no RTP for this many minutes.
	cancel-rate integer		CANCEL request rate limit (per second, per policy).
	contact-fixup string	disable enable	Fixup contact anyway even if contacts IP:port doesnt match sessions IP:port.
	hnt-restrict-source-ip string	disable enable	Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
	hosted-nat-traversal string	disable enable	Hosted NAT Traversal (HNT).
	info-rate integer		INFO request rate limit (per second, per policy).
	invite-rate integer		INVITE request rate limit (per second, per policy).
	ips-rtp string	disable enable	Enable/disable allow IPS on RTP.
	log-call-summary string	disable enable	Enable/disable logging of SIP call summary.
	log-violations string	disable enable	Enable/disable logging of SIP violations.
	malformed-header-allow string	pass discard respond	Action for malformed Allow header.
	malformed-header-call-id string	pass discard respond	Action for malformed Call-ID header.
	malformed-header-contact string	pass discard respond	Action for malformed Contact header.
	malformed-header-content-length string	pass discard respond	Action for malformed Content-Length header.
	malformed-header-content-type string	pass discard respond	Action for malformed Content-Type header.
	malformed-header-cseq string	pass discard respond	Action for malformed CSeq header.
	malformed-header-expires string	pass discard respond	Action for malformed Expires header.
	malformed-header-from string	pass discard respond	Action for malformed From header.
	malformed-header-max-forwards string	pass discard respond	Action for malformed Max-Forwards header.
	malformed-header-p-asserted-identity string	pass discard respond	Action for malformed P-Asserted-Identity header.
	malformed-header-rack string	pass discard respond	Action for malformed RAck header.
	malformed-header-record-route string	pass discard respond	Action for malformed Record-Route header.
	malformed-header-route string	pass discard respond	Action for malformed Route header.
	malformed-header-rseq string	pass discard respond	Action for malformed RSeq header.
	malformed-header-sdp-a string	pass discard respond	Action for malformed SDP a line.
	malformed-header-sdp-b string	pass discard respond	Action for malformed SDP b line.
	malformed-header-sdp-c string	pass discard respond	Action for malformed SDP c line.
	malformed-header-sdp-i string	pass discard respond	Action for malformed SDP i line.
	malformed-header-sdp-k string	pass discard respond	Action for malformed SDP k line.
	malformed-header-sdp-m string	pass discard respond	Action for malformed SDP m line.
	malformed-header-sdp-o string	pass discard respond	Action for malformed SDP o line.
	malformed-header-sdp-r string	pass discard respond	Action for malformed SDP r line.
	malformed-header-sdp-s string	pass discard respond	Action for malformed SDP s line.
	malformed-header-sdp-t string	pass discard respond	Action for malformed SDP t line.
	malformed-header-sdp-v string	pass discard respond	Action for malformed SDP v line.
	malformed-header-sdp-z string	pass discard respond	Action for malformed SDP z line.
	malformed-header-to string	pass discard respond	Action for malformed To header.
	malformed-header-via string	pass discard respond	Action for malformed VIA header.
	malformed-request-line string	pass discard respond	Action for malformed request line.
	max-body-length integer		Maximum SIP message body length (0 meaning no limit).
	max-dialogs integer		Maximum number of concurrent calls/dialogs (per policy).
	max-idle-dialogs integer		Maximum number established but idle dialogs to retain (per policy).
	max-line-length integer		Maximum SIP header line length (78-4096).
	message-rate integer		MESSAGE request rate limit (per second, per policy).
	nat-trace string	disable enable	Enable/disable preservation of original IP in SDP i line.
	no-sdp-fixup string	disable enable	Enable/disable no SDP fix-up.
	notify-rate integer		NOTIFY request rate limit (per second, per policy).
	open-contact-pinhole string	disable enable	Enable/disable open pinhole for non-REGISTER Contact port.
	open-record-route-pinhole string	disable enable	Enable/disable open pinhole for Record-Route port.
	open-register-pinhole string	disable enable	Enable/disable open pinhole for REGISTER Contact port.
	open-via-pinhole string	disable enable	Enable/disable open pinhole for Via port.
	options-rate integer		OPTIONS request rate limit (per second, per policy).
	prack-rate integer		PRACK request rate limit (per second, per policy).
	preserve-override string	disable enable	Override i line to preserve original IPS (default: append).
	provisional-invite-expiry-time integer		Expiry time for provisional INVITE (10 - 3600 sec).
	publish-rate integer		PUBLISH request rate limit (per second, per policy).
	refer-rate integer		REFER request rate limit (per second, per policy).
	register-contact-trace string	disable enable	Enable/disable trace original IP/port within the contact header of REGISTER requests.
	register-rate integer		REGISTER request rate limit (per second, per policy).
	rfc2543-branch string	disable enable	Enable/disable support via branch compliant with RFC 2543.
	rtp string	disable enable	Enable/disable create pinholes for RTP traffic to traverse firewall.
	ssl-algorithm string	high medium low	Relative strength of encryption algorithms accepted in negotiation.
	ssl-auth-client string		Require a client certificate and authenticate it with the peer/peergrp.
	ssl-auth-server string		Authenticate the servers certificate with the peer/peergrp.
	ssl-client-certificate string		Name of Certificate to offer to server if requested.
	ssl-client-renegotiation string	allow deny secure	Allow/block client renegotiation by server.
	ssl-max-version string	ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Highest SSL/TLS version to negotiate.
	ssl-min-version string	ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Lowest SSL/TLS version to negotiate.
	ssl-mode string	off full	SSL/TLS mode for encryption & decryption of traffic.
	ssl-pfs string	require deny allow	SSL Perfect Forward Secrecy.
	ssl-send-empty-frags string	disable enable	Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
	ssl-server-certificate string		Name of Certificate return to the client in every SSL connection.
	status string	disable enable	Enable/disable SIP.
	strict-register string	disable enable	Enable/disable only allow the registrar to connect.
	subscribe-rate integer		SUBSCRIBE request rate limit (per second, per policy).
	unknown-header string	pass discard respond	Action for unknown SIP header.
	update-rate integer		UPDATE request rate limit (per second, per policy).
workspace_locking_adom string			the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer		Default: 300	the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: SIP.
     fmgr_voip_profile_sip:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        profile: <your own value>
        voip_profile_sip:
           ack-rate: <value of integer>
           block-ack: <value in [disable, enable]>
           block-bye: <value in [disable, enable]>
           block-cancel: <value in [disable, enable]>
           block-geo-red-options: <value in [disable, enable]>
           block-info: <value in [disable, enable]>
           block-invite: <value in [disable, enable]>
           block-long-lines: <value in [disable, enable]>
           block-message: <value in [disable, enable]>
           block-notify: <value in [disable, enable]>
           block-options: <value in [disable, enable]>
           block-prack: <value in [disable, enable]>
           block-publish: <value in [disable, enable]>
           block-refer: <value in [disable, enable]>
           block-register: <value in [disable, enable]>
           block-subscribe: <value in [disable, enable]>
           block-unknown: <value in [disable, enable]>
           block-update: <value in [disable, enable]>
           bye-rate: <value of integer>
           call-keepalive: <value of integer>
           cancel-rate: <value of integer>
           contact-fixup: <value in [disable, enable]>
           hnt-restrict-source-ip: <value in [disable, enable]>
           hosted-nat-traversal: <value in [disable, enable]>
           info-rate: <value of integer>
           invite-rate: <value of integer>
           ips-rtp: <value in [disable, enable]>
           log-call-summary: <value in [disable, enable]>
           log-violations: <value in [disable, enable]>
           malformed-header-allow: <value in [pass, discard, respond]>
           malformed-header-call-id: <value in [pass, discard, respond]>
           malformed-header-contact: <value in [pass, discard, respond]>
           malformed-header-content-length: <value in [pass, discard, respond]>
           malformed-header-content-type: <value in [pass, discard, respond]>
           malformed-header-cseq: <value in [pass, discard, respond]>
           malformed-header-expires: <value in [pass, discard, respond]>
           malformed-header-from: <value in [pass, discard, respond]>
           malformed-header-max-forwards: <value in [pass, discard, respond]>
           malformed-header-p-asserted-identity: <value in [pass, discard, respond]>
           malformed-header-rack: <value in [pass, discard, respond]>
           malformed-header-record-route: <value in [pass, discard, respond]>
           malformed-header-route: <value in [pass, discard, respond]>
           malformed-header-rseq: <value in [pass, discard, respond]>
           malformed-header-sdp-a: <value in [pass, discard, respond]>
           malformed-header-sdp-b: <value in [pass, discard, respond]>
           malformed-header-sdp-c: <value in [pass, discard, respond]>
           malformed-header-sdp-i: <value in [pass, discard, respond]>
           malformed-header-sdp-k: <value in [pass, discard, respond]>
           malformed-header-sdp-m: <value in [pass, discard, respond]>
           malformed-header-sdp-o: <value in [pass, discard, respond]>
           malformed-header-sdp-r: <value in [pass, discard, respond]>
           malformed-header-sdp-s: <value in [pass, discard, respond]>
           malformed-header-sdp-t: <value in [pass, discard, respond]>
           malformed-header-sdp-v: <value in [pass, discard, respond]>
           malformed-header-sdp-z: <value in [pass, discard, respond]>
           malformed-header-to: <value in [pass, discard, respond]>
           malformed-header-via: <value in [pass, discard, respond]>
           malformed-request-line: <value in [pass, discard, respond]>
           max-body-length: <value of integer>
           max-dialogs: <value of integer>
           max-idle-dialogs: <value of integer>
           max-line-length: <value of integer>
           message-rate: <value of integer>
           nat-trace: <value in [disable, enable]>
           no-sdp-fixup: <value in [disable, enable]>
           notify-rate: <value of integer>
           open-contact-pinhole: <value in [disable, enable]>
           open-record-route-pinhole: <value in [disable, enable]>
           open-register-pinhole: <value in [disable, enable]>
           open-via-pinhole: <value in [disable, enable]>
           options-rate: <value of integer>
           prack-rate: <value of integer>
           preserve-override: <value in [disable, enable]>
           provisional-invite-expiry-time: <value of integer>
           publish-rate: <value of integer>
           refer-rate: <value of integer>
           register-contact-trace: <value in [disable, enable]>
           register-rate: <value of integer>
           rfc2543-branch: <value in [disable, enable]>
           rtp: <value in [disable, enable]>
           ssl-algorithm: <value in [high, medium, low]>
           ssl-auth-client: <value of string>
           ssl-auth-server: <value of string>
           ssl-client-certificate: <value of string>
           ssl-client-renegotiation: <value in [allow, deny, secure]>
           ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-mode: <value in [off, full]>
           ssl-pfs: <value in [require, deny, allow]>
           ssl-send-empty-frags: <value in [disable, enable]>
           ssl-server-certificate: <value of string>
           status: <value in [disable, enable]>
           strict-register: <value in [disable, enable]>
           subscribe-rate: <value of integer>
           unknown-header: <value in [pass, discard, respond]>
           update-rate: <value of integer>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
request_url string	always	The full url requested Sample: /sys/login/user
response_code integer	always	The status of api request
response_message string	always	The descriptive message of the api response Sample: OK.

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_voip_profile_sip_module.html