W3cubDocs

/Ansible 2.9

fortios_voip_profile – Configure VoIP profiles in Fortinet’s FortiOS and FortiGate

New in version 2.8.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify voip feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5

Requirements

The below requirements are needed on the host that executes this module.

fortiosapi>=0.9.8

Parameters

Parameter			Choices/Defaults	Comments
host string				FortiOS or FortiGate IP address.
https boolean			Choices: no yes ←	Indicates if the requests towards FortiGate must use HTTPS protocol.
password string			Default: ""	FortiOS or FortiGate password.
ssl_verify boolean added in 2.9			Choices: no yes ←	Ensures FortiGate certificate must be verified by a proper CA.
state string added in 2.9			Choices: present absent	Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level.
username string				FortiOS or FortiGate username.
vdom string			Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
voip_profile dictionary			Default: null	Configure VoIP profiles.
	comment string			Comment.
	name string / required			Profile name.
	sccp dictionary			SCCP.
		block_mcast string	Choices: disable enable	Enable/disable block multicast RTP connections.
		log_call_summary string	Choices: disable enable	Enable/disable log summary of SCCP calls.
		log_violations string	Choices: disable enable	Enable/disable logging of SCCP violations.
		max_calls integer		Maximum calls per minute per SCCP client (max 65535).
		status string	Choices: disable enable	Enable/disable SCCP.
		verify_header string	Choices: disable enable	Enable/disable verify SCCP header content.
	sip dictionary			SIP.
		ack_rate integer		ACK request rate limit (per second, per policy).
		block_ack string	Choices: disable enable	Enable/disable block ACK requests.
		block_bye string	Choices: disable enable	Enable/disable block BYE requests.
		block_cancel string	Choices: disable enable	Enable/disable block CANCEL requests.
		block_geo_red_options string	Choices: disable enable	Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
		block_info string	Choices: disable enable	Enable/disable block INFO requests.
		block_invite string	Choices: disable enable	Enable/disable block INVITE requests.
		block_long_lines string	Choices: disable enable	Enable/disable block requests with headers exceeding max-line-length.
		block_message string	Choices: disable enable	Enable/disable block MESSAGE requests.
		block_notify string	Choices: disable enable	Enable/disable block NOTIFY requests.
		block_options string	Choices: disable enable	Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
		block_prack string	Choices: disable enable	Enable/disable block prack requests.
		block_publish string	Choices: disable enable	Enable/disable block PUBLISH requests.
		block_refer string	Choices: disable enable	Enable/disable block REFER requests.
		block_register string	Choices: disable enable	Enable/disable block REGISTER requests.
		block_subscribe string	Choices: disable enable	Enable/disable block SUBSCRIBE requests.
		block_unknown string	Choices: disable enable	Block unrecognized SIP requests (enabled by default).
		block_update string	Choices: disable enable	Enable/disable block UPDATE requests.
		bye_rate integer		BYE request rate limit (per second, per policy).
		call_keepalive integer		Continue tracking calls with no RTP for this many minutes.
		cancel_rate integer		CANCEL request rate limit (per second, per policy).
		contact_fixup string	Choices: disable enable	Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.
		hnt_restrict_source_ip string	Choices: disable enable	Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
		hosted_nat_traversal string	Choices: disable enable	Hosted NAT Traversal (HNT).
		info_rate integer		INFO request rate limit (per second, per policy).
		invite_rate integer		INVITE request rate limit (per second, per policy).
		ips_rtp string	Choices: disable enable	Enable/disable allow IPS on RTP.
		log_call_summary string	Choices: disable enable	Enable/disable logging of SIP call summary.
		log_violations string	Choices: disable enable	Enable/disable logging of SIP violations.
		malformed_header_allow string	Choices: discard pass respond	Action for malformed Allow header.
		malformed_header_call_id string	Choices: discard pass respond	Action for malformed Call-ID header.
		malformed_header_contact string	Choices: discard pass respond	Action for malformed Contact header.
		malformed_header_content_length string	Choices: discard pass respond	Action for malformed Content-Length header.
		malformed_header_content_type string	Choices: discard pass respond	Action for malformed Content-Type header.
		malformed_header_cseq string	Choices: discard pass respond	Action for malformed CSeq header.
		malformed_header_expires string	Choices: discard pass respond	Action for malformed Expires header.
		malformed_header_from string	Choices: discard pass respond	Action for malformed From header.
		malformed_header_max_forwards string	Choices: discard pass respond	Action for malformed Max-Forwards header.
		malformed_header_p_asserted_identity string	Choices: discard pass respond	Action for malformed P-Asserted-Identity header.
		malformed_header_rack string	Choices: discard pass respond	Action for malformed RAck header.
		malformed_header_record_route string	Choices: discard pass respond	Action for malformed Record-Route header.
		malformed_header_route string	Choices: discard pass respond	Action for malformed Route header.
		malformed_header_rseq string	Choices: discard pass respond	Action for malformed RSeq header.
		malformed_header_sdp_a string	Choices: discard pass respond	Action for malformed SDP a line.
		malformed_header_sdp_b string	Choices: discard pass respond	Action for malformed SDP b line.
		malformed_header_sdp_c string	Choices: discard pass respond	Action for malformed SDP c line.
		malformed_header_sdp_i string	Choices: discard pass respond	Action for malformed SDP i line.
		malformed_header_sdp_k string	Choices: discard pass respond	Action for malformed SDP k line.
		malformed_header_sdp_m string	Choices: discard pass respond	Action for malformed SDP m line.
		malformed_header_sdp_o string	Choices: discard pass respond	Action for malformed SDP o line.
		malformed_header_sdp_r string	Choices: discard pass respond	Action for malformed SDP r line.
		malformed_header_sdp_s string	Choices: discard pass respond	Action for malformed SDP s line.
		malformed_header_sdp_t string	Choices: discard pass respond	Action for malformed SDP t line.
		malformed_header_sdp_v string	Choices: discard pass respond	Action for malformed SDP v line.
		malformed_header_sdp_z string	Choices: discard pass respond	Action for malformed SDP z line.
		malformed_header_to string	Choices: discard pass respond	Action for malformed To header.
		malformed_header_via string	Choices: discard pass respond	Action for malformed VIA header.
		malformed_request_line string	Choices: discard pass respond	Action for malformed request line.
		max_body_length integer		Maximum SIP message body length (0 meaning no limit).
		max_dialogs integer		Maximum number of concurrent calls/dialogs (per policy).
		max_idle_dialogs integer		Maximum number established but idle dialogs to retain (per policy).
		max_line_length integer		Maximum SIP header line length (78-4096).
		message_rate integer		MESSAGE request rate limit (per second, per policy).
		nat_trace string	Choices: disable enable	Enable/disable preservation of original IP in SDP i line.
		no_sdp_fixup string	Choices: disable enable	Enable/disable no SDP fix-up.
		notify_rate integer		NOTIFY request rate limit (per second, per policy).
		open_contact_pinhole string	Choices: disable enable	Enable/disable open pinhole for non-REGISTER Contact port.
		open_record_route_pinhole string	Choices: disable enable	Enable/disable open pinhole for Record-Route port.
		open_register_pinhole string	Choices: disable enable	Enable/disable open pinhole for REGISTER Contact port.
		open_via_pinhole string	Choices: disable enable	Enable/disable open pinhole for Via port.
		options_rate integer		OPTIONS request rate limit (per second, per policy).
		prack_rate integer		PRACK request rate limit (per second, per policy).
		preserve_override string	Choices: disable enable	Override i line to preserve original IPS .
		provisional_invite_expiry_time integer		Expiry time for provisional INVITE (10 - 3600 sec).
		publish_rate integer		PUBLISH request rate limit (per second, per policy).
		refer_rate integer		REFER request rate limit (per second, per policy).
		register_contact_trace string	Choices: disable enable	Enable/disable trace original IP/port within the contact header of REGISTER requests.
		register_rate integer		REGISTER request rate limit (per second, per policy).
		rfc2543_branch string	Choices: disable enable	Enable/disable support via branch compliant with RFC 2543.
		rtp string	Choices: disable enable	Enable/disable create pinholes for RTP traffic to traverse firewall.
		ssl_algorithm string	Choices: high medium low	Relative strength of encryption algorithms accepted in negotiation.
		ssl_auth_client string		Require a client certificate and authenticate it with the peer/peergrp. Source user.peer.name user.peergrp.name.
		ssl_auth_server string		Authenticate the server's certificate with the peer/peergrp. Source user.peer.name user.peergrp.name.
		ssl_client_certificate string		Name of Certificate to offer to server if requested. Source vpn.certificate.local.name.
		ssl_client_renegotiation string	Choices: allow deny secure	Allow/block client renegotiation by server.
		ssl_max_version string	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Highest SSL/TLS version to negotiate.
		ssl_min_version string	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Lowest SSL/TLS version to negotiate.
		ssl_mode string	Choices: no full	SSL/TLS mode for encryption & decryption of traffic.
		ssl_pfs string	Choices: require deny allow	SSL Perfect Forward Secrecy.
		ssl_send_empty_frags string	Choices: enable disable	Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
		ssl_server_certificate string		Name of Certificate return to the client in every SSL connection. Source vpn.certificate.local.name.
		status string	Choices: disable enable	Enable/disable SIP.
		strict_register string	Choices: disable enable	Enable/disable only allow the registrar to connect.
		subscribe_rate integer		SUBSCRIBE request rate limit (per second, per policy).
		unknown_header string	Choices: discard pass respond	Action for unknown SIP header.
		update_rate integer		UPDATE request rate limit (per second, per policy).
	state string		Choices: present absent	Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object.

Notes

Note

Requires fortiosapi library developed by Fortinet
Run as a local_action in your playbook

Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"
  tasks:
  - name: Configure VoIP profiles.
    fortios_voip_profile:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      state: "present"
      voip_profile:
        comment: "Comment."
        name: "default_name_4"
        sccp:
            block_mcast: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            max_calls: "9"
            status: "disable"
            verify_header: "disable"
        sip:
            ack_rate: "13"
            block_ack: "disable"
            block_bye: "disable"
            block_cancel: "disable"
            block_geo_red_options: "disable"
            block_info: "disable"
            block_invite: "disable"
            block_long_lines: "disable"
            block_message: "disable"
            block_notify: "disable"
            block_options: "disable"
            block_prack: "disable"
            block_publish: "disable"
            block_refer: "disable"
            block_register: "disable"
            block_subscribe: "disable"
            block_unknown: "disable"
            block_update: "disable"
            bye_rate: "31"
            call_keepalive: "32"
            cancel_rate: "33"
            contact_fixup: "disable"
            hnt_restrict_source_ip: "disable"
            hosted_nat_traversal: "disable"
            info_rate: "37"
            invite_rate: "38"
            ips_rtp: "disable"
            log_call_summary: "disable"
            log_violations: "disable"
            malformed_header_allow: "discard"
            malformed_header_call_id: "discard"
            malformed_header_contact: "discard"
            malformed_header_content_length: "discard"
            malformed_header_content_type: "discard"
            malformed_header_cseq: "discard"
            malformed_header_expires: "discard"
            malformed_header_from: "discard"
            malformed_header_max_forwards: "discard"
            malformed_header_p_asserted_identity: "discard"
            malformed_header_rack: "discard"
            malformed_header_record_route: "discard"
            malformed_header_route: "discard"
            malformed_header_rseq: "discard"
            malformed_header_sdp_a: "discard"
            malformed_header_sdp_b: "discard"
            malformed_header_sdp_c: "discard"
            malformed_header_sdp_i: "discard"
            malformed_header_sdp_k: "discard"
            malformed_header_sdp_m: "discard"
            malformed_header_sdp_o: "discard"
            malformed_header_sdp_r: "discard"
            malformed_header_sdp_s: "discard"
            malformed_header_sdp_t: "discard"
            malformed_header_sdp_v: "discard"
            malformed_header_sdp_z: "discard"
            malformed_header_to: "discard"
            malformed_header_via: "discard"
            malformed_request_line: "discard"
            max_body_length: "71"
            max_dialogs: "72"
            max_idle_dialogs: "73"
            max_line_length: "74"
            message_rate: "75"
            nat_trace: "disable"
            no_sdp_fixup: "disable"
            notify_rate: "78"
            open_contact_pinhole: "disable"
            open_record_route_pinhole: "disable"
            open_register_pinhole: "disable"
            open_via_pinhole: "disable"
            options_rate: "83"
            prack_rate: "84"
            preserve_override: "disable"
            provisional_invite_expiry_time: "86"
            publish_rate: "87"
            refer_rate: "88"
            register_contact_trace: "disable"
            register_rate: "90"
            rfc2543_branch: "disable"
            rtp: "disable"
            ssl_algorithm: "high"
            ssl_auth_client: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_auth_server: "<your_own_value> (source user.peer.name user.peergrp.name)"
            ssl_client_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            ssl_client_renegotiation: "allow"
            ssl_max_version: "ssl-3.0"
            ssl_min_version: "ssl-3.0"
            ssl_mode: "off"
            ssl_pfs: "require"
            ssl_send_empty_frags: "enable"
            ssl_server_certificate: "<your_own_value> (source vpn.certificate.local.name)"
            status: "disable"
            strict_register: "disable"
            subscribe_rate: "106"
            unknown_header: "discard"
            update_rate: "108"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_voip_profile_module.html