New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
voip_profile
-
|
Default: null
|
Configure VoIP profiles.
|
||
comment
-
|
Comment.
|
|||
name
-
/ required
|
Profile name.
|
|||
sccp
-
|
SCCP.
|
|||
block-mcast
-
|
|
Enable/disable block multicast RTP connections.
|
||
log-call-summary
-
|
|
Enable/disable log summary of SCCP calls.
|
||
log-violations
-
|
|
Enable/disable logging of SCCP violations.
|
||
max-calls
-
|
Maximum calls per minute per SCCP client (max 65535).
|
|||
status
-
|
|
Enable/disable SCCP.
|
||
verify-header
-
|
|
Enable/disable verify SCCP header content.
|
||
sip
-
|
SIP.
|
|||
ack-rate
-
|
ACK request rate limit (per second, per policy).
|
|||
block-ack
-
|
|
Enable/disable block ACK requests.
|
||
block-bye
-
|
|
Enable/disable block BYE requests.
|
||
block-cancel
-
|
|
Enable/disable block CANCEL requests.
|
||
block-geo-red-options
-
|
|
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
|
||
block-info
-
|
|
Enable/disable block INFO requests.
|
||
block-invite
-
|
|
Enable/disable block INVITE requests.
|
||
block-long-lines
-
|
|
Enable/disable block requests with headers exceeding max-line-length.
|
||
block-message
-
|
|
Enable/disable block MESSAGE requests.
|
||
block-notify
-
|
|
Enable/disable block NOTIFY requests.
|
||
block-options
-
|
|
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
|
||
block-prack
-
|
|
Enable/disable block prack requests.
|
||
block-publish
-
|
|
Enable/disable block PUBLISH requests.
|
||
block-refer
-
|
|
Enable/disable block REFER requests.
|
||
block-register
-
|
|
Enable/disable block REGISTER requests.
|
||
block-subscribe
-
|
|
Enable/disable block SUBSCRIBE requests.
|
||
block-unknown
-
|
|
Block unrecognized SIP requests (enabled by default).
|
||
block-update
-
|
|
Enable/disable block UPDATE requests.
|
||
bye-rate
-
|
BYE request rate limit (per second, per policy).
|
|||
call-keepalive
-
|
Continue tracking calls with no RTP for this many minutes.
|
|||
cancel-rate
-
|
CANCEL request rate limit (per second, per policy).
|
|||
contact-fixup
-
|
|
Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.
|
||
hnt-restrict-source-ip
-
|
|
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
|
||
hosted-nat-traversal
-
|
|
Hosted NAT Traversal (HNT).
|
||
info-rate
-
|
INFO request rate limit (per second, per policy).
|
|||
invite-rate
-
|
INVITE request rate limit (per second, per policy).
|
|||
ips-rtp
-
|
|
Enable/disable allow IPS on RTP.
|
||
log-call-summary
-
|
|
Enable/disable logging of SIP call summary.
|
||
log-violations
-
|
|
Enable/disable logging of SIP violations.
|
||
malformed-header-allow
-
|
|
Action for malformed Allow header.
|
||
malformed-header-call-id
-
|
|
Action for malformed Call-ID header.
|
||
malformed-header-contact
-
|
|
Action for malformed Contact header.
|
||
malformed-header-content-length
-
|
|
Action for malformed Content-Length header.
|
||
malformed-header-content-type
-
|
|
Action for malformed Content-Type header.
|
||
malformed-header-cseq
-
|
|
Action for malformed CSeq header.
|
||
malformed-header-expires
-
|
|
Action for malformed Expires header.
|
||
malformed-header-from
-
|
|
Action for malformed From header.
|
||
malformed-header-max-forwards
-
|
|
Action for malformed Max-Forwards header.
|
||
malformed-header-p-asserted-identity
-
|
|
Action for malformed P-Asserted-Identity header.
|
||
malformed-header-rack
-
|
|
Action for malformed RAck header.
|
||
malformed-header-record-route
-
|
|
Action for malformed Record-Route header.
|
||
malformed-header-route
-
|
|
Action for malformed Route header.
|
||
malformed-header-rseq
-
|
|
Action for malformed RSeq header.
|
||
malformed-header-sdp-a
-
|
|
Action for malformed SDP a line.
|
||
malformed-header-sdp-b
-
|
|
Action for malformed SDP b line.
|
||
malformed-header-sdp-c
-
|
|
Action for malformed SDP c line.
|
||
malformed-header-sdp-i
-
|
|
Action for malformed SDP i line.
|
||
malformed-header-sdp-k
-
|
|
Action for malformed SDP k line.
|
||
malformed-header-sdp-m
-
|
|
Action for malformed SDP m line.
|
||
malformed-header-sdp-o
-
|
|
Action for malformed SDP o line.
|
||
malformed-header-sdp-r
-
|
|
Action for malformed SDP r line.
|
||
malformed-header-sdp-s
-
|
|
Action for malformed SDP s line.
|
||
malformed-header-sdp-t
-
|
|
Action for malformed SDP t line.
|
||
malformed-header-sdp-v
-
|
|
Action for malformed SDP v line.
|
||
malformed-header-sdp-z
-
|
|
Action for malformed SDP z line.
|
||
malformed-header-to
-
|
|
Action for malformed To header.
|
||
malformed-header-via
-
|
|
Action for malformed VIA header.
|
||
malformed-request-line
-
|
|
Action for malformed request line.
|
||
max-body-length
-
|
Maximum SIP message body length (0 meaning no limit).
|
|||
max-dialogs
-
|
Maximum number of concurrent calls/dialogs (per policy).
|
|||
max-idle-dialogs
-
|
Maximum number established but idle dialogs to retain (per policy).
|
|||
max-line-length
-
|
Maximum SIP header line length (78-4096).
|
|||
message-rate
-
|
MESSAGE request rate limit (per second, per policy).
|
|||
nat-trace
-
|
|
Enable/disable preservation of original IP in SDP i line.
|
||
no-sdp-fixup
-
|
|
Enable/disable no SDP fix-up.
|
||
notify-rate
-
|
NOTIFY request rate limit (per second, per policy).
|
|||
open-contact-pinhole
-
|
|
Enable/disable open pinhole for non-REGISTER Contact port.
|
||
open-record-route-pinhole
-
|
|
Enable/disable open pinhole for Record-Route port.
|
||
open-register-pinhole
-
|
|
Enable/disable open pinhole for REGISTER Contact port.
|
||
open-via-pinhole
-
|
|
Enable/disable open pinhole for Via port.
|
||
options-rate
-
|
OPTIONS request rate limit (per second, per policy).
|
|||
prack-rate
-
|
PRACK request rate limit (per second, per policy).
|
|||
preserve-override
-
|
|
Override i line to preserve original IPS (default: append).
|
||
provisional-invite-expiry-time
-
|
Expiry time for provisional INVITE (10 - 3600 sec).
|
|||
publish-rate
-
|
PUBLISH request rate limit (per second, per policy).
|
|||
refer-rate
-
|
REFER request rate limit (per second, per policy).
|
|||
register-contact-trace
-
|
|
Enable/disable trace original IP/port within the contact header of REGISTER requests.
|
||
register-rate
-
|
REGISTER request rate limit (per second, per policy).
|
|||
rfc2543-branch
-
|
|
Enable/disable support via branch compliant with RFC 2543.
|
||
rtp
-
|
|
Enable/disable create pinholes for RTP traffic to traverse firewall.
|
||
ssl-algorithm
-
|
|
Relative strength of encryption algorithms accepted in negotiation.
|
||
ssl-auth-client
-
|
Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name.
|
|||
ssl-auth-server
-
|
Authenticate the server's certificate with the peer/peergrp. Source user.peer.name user.peergrp.name.
|
|||
ssl-client-certificate
-
|
Name of Certificate to offer to server if requested. Source vpn.certificate.local.name.
|
|||
ssl-client-renegotiation
-
|
|
Allow/block client renegotiation by server.
|
||
ssl-max-version
-
|
|
Highest SSL/TLS version to negotiate.
|
||
ssl-min-version
-
|
|
Lowest SSL/TLS version to negotiate.
|
||
ssl-mode
-
|
|
SSL/TLS mode for encryption & decryption of traffic.
|
||
ssl-pfs
-
|
|
SSL Perfect Forward Secrecy.
|
||
ssl-send-empty-frags
-
|
|
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
|
||
ssl-server-certificate
-
|
Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name.
|
|||
status
-
|
|
Enable/disable SIP.
|
||
strict-register
-
|
|
Enable/disable only allow the registrar to connect.
|
||
subscribe-rate
-
|
SUBSCRIBE request rate limit (per second, per policy).
|
|||
unknown-header
-
|
|
Action for unknown SIP header.
|
||
update-rate
-
|
UPDATE request rate limit (per second, per policy).
|
|||
state
-
|
|
Indicates whether to create or remove the object
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure VoIP profiles.
fortios_voip_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
voip_profile:
state: "present"
comment: "Comment."
name: "default_name_4"
sccp:
block-mcast: "disable"
log-call-summary: "disable"
log-violations: "disable"
max-calls: "9"
status: "disable"
verify-header: "disable"
sip:
ack-rate: "13"
block-ack: "disable"
block-bye: "disable"
block-cancel: "disable"
block-geo-red-options: "disable"
block-info: "disable"
block-invite: "disable"
block-long-lines: "disable"
block-message: "disable"
block-notify: "disable"
block-options: "disable"
block-prack: "disable"
block-publish: "disable"
block-refer: "disable"
block-register: "disable"
block-subscribe: "disable"
block-unknown: "disable"
block-update: "disable"
bye-rate: "31"
call-keepalive: "32"
cancel-rate: "33"
contact-fixup: "disable"
hnt-restrict-source-ip: "disable"
hosted-nat-traversal: "disable"
info-rate: "37"
invite-rate: "38"
ips-rtp: "disable"
log-call-summary: "disable"
log-violations: "disable"
malformed-header-allow: "discard"
malformed-header-call-id: "discard"
malformed-header-contact: "discard"
malformed-header-content-length: "discard"
malformed-header-content-type: "discard"
malformed-header-cseq: "discard"
malformed-header-expires: "discard"
malformed-header-from: "discard"
malformed-header-max-forwards: "discard"
malformed-header-p-asserted-identity: "discard"
malformed-header-rack: "discard"
malformed-header-record-route: "discard"
malformed-header-route: "discard"
malformed-header-rseq: "discard"
malformed-header-sdp-a: "discard"
malformed-header-sdp-b: "discard"
malformed-header-sdp-c: "discard"
malformed-header-sdp-i: "discard"
malformed-header-sdp-k: "discard"
malformed-header-sdp-m: "discard"
malformed-header-sdp-o: "discard"
malformed-header-sdp-r: "discard"
malformed-header-sdp-s: "discard"
malformed-header-sdp-t: "discard"
malformed-header-sdp-v: "discard"
malformed-header-sdp-z: "discard"
malformed-header-to: "discard"
malformed-header-via: "discard"
malformed-request-line: "discard"
max-body-length: "71"
max-dialogs: "72"
max-idle-dialogs: "73"
max-line-length: "74"
message-rate: "75"
nat-trace: "disable"
no-sdp-fixup: "disable"
notify-rate: "78"
open-contact-pinhole: "disable"
open-record-route-pinhole: "disable"
open-register-pinhole: "disable"
open-via-pinhole: "disable"
options-rate: "83"
prack-rate: "84"
preserve-override: "disable"
provisional-invite-expiry-time: "86"
publish-rate: "87"
refer-rate: "88"
register-contact-trace: "disable"
register-rate: "90"
rfc2543-branch: "disable"
rtp: "disable"
ssl-algorithm: "high"
ssl-auth-client: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl-auth-server: "<your_own_value> (source user.peer.name user.peergrp.name)"
ssl-client-certificate: "<your_own_value> (source vpn.certificate.local.name)"
ssl-client-renegotiation: "allow"
ssl-max-version: "ssl-3.0"
ssl-min-version: "ssl-3.0"
ssl-mode: "off"
ssl-pfs: "require"
ssl-send-empty-frags: "enable"
ssl-server-certificate: "<your_own_value> (source vpn.certificate.local.name)"
status: "disable"
strict-register: "disable"
subscribe-rate: "106"
unknown-header: "discard"
update-rate: "108"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.