docs/operations/card-prod-connectivity-diagnostic.log

==========================================================================
CARD Production API — Connectivity Diagnostic Report
==========================================================================
Generated: 2026-04-30T16:28:50Z
Purpose:   Request firewall access to CARD production API

--- Server Details ---

  Hostname:  dashboard-dev
  IP:        71.85.90.9
  OS:        Ubuntu 24.04.3 LTS
  Gateway:   71.85.90.1 (default via eth0)
  Purpose:   STEAM Security Dashboard — CVE vulnerability management

--- Existing Working Connections (same server) ---

  Jira UAT:   jira-uat.charter.com    → 142.136.123.17:443   ✓ CONNECTED
  CARD UAT:   card.caas.stage.charterlab.com → 65.185.232.89:443 ✓ CONNECTED
  Atlas API:  atlas-infosec.caas.charterlab.com                ✓ CONNECTED
  Ivanti API: platform4.risksense.com                          ✓ CONNECTED

--- CARD Production — Connection Failure ---

  Target:     card.charter.com
  DNS CNAME:  card.g.charter.com
  Resolved A: 47.43.51.7
  Resolved AAAA: 2600:6c7f:9330:ca5::7 (IPv6 unreachable from this server)

  Port 443 (HTTPS):  TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s
  Port 80  (HTTP):   TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s

  curl output (HTTPS):
    * Host card.charter.com:443 was resolved.
    * IPv4: 47.43.51.7
    * Trying 47.43.51.7:443...
    * ipv4 connect timeout after 4911ms, move on!
    * Failed to connect to card.charter.com port 443 after 5002 ms: Timeout was reached

  curl output (HTTP):
    * Trying 47.43.51.7:80...
    * ipv4 connect timeout after 4972ms, move on!
    * Failed to connect to card.charter.com port 80 after 5002 ms: Timeout was reached

  nc (netcat) test:
    nc -zvw3 47.43.51.7 443 → timed out: Operation now in progress
    nc -zvw3 47.43.51.7 80  → timed out: Operation now in progress

--- Routing ---

  Route to CARD Prod:  47.43.51.7 via 71.85.90.1 dev eth0 src 71.85.90.9
  Route to CARD UAT:   65.185.232.89 via 71.85.90.1 dev eth0 src 71.85.90.9
  Route to Jira UAT:   142.136.123.17 via 71.85.90.1 dev eth0 src 71.85.90.9

  All three use the same gateway (71.85.90.1) and interface (eth0).
  The routing path is identical — the block is at the firewall level.

--- Analysis ---

  The server (71.85.90.9) can reach Charter internal services on the
  charterlab.com domain (CARD UAT, Atlas) and charter.com domain (Jira UAT)
  but cannot establish a TCP connection to card.charter.com (47.43.51.7)
  on any port.

  DNS resolves correctly. The routing table sends traffic through the same
  gateway used for all other working Charter services. The failure is a
  TCP-level timeout (no SYN-ACK), which indicates a firewall rule is
  blocking traffic from 71.85.90.9 to 47.43.51.7.

--- Request ---

  Please open firewall access:

    Source:      71.85.90.9 (dashboard-dev)
    Destination: card.charter.com (47.43.51.7)
    Port:        443 (HTTPS)
    Protocol:    TCP
    Purpose:     CARD API integration for STEAM Security Dashboard
                 (asset ownership confirm/decline/redirect, team lookups)

  The CARD UAT instance (card.caas.stage.charterlab.com) is already
  accessible and the API integration is fully tested against it.
  Service account: svc-jira-cn-projects (already onboarded with CARD team)

==========================================================================
Exit: 0

=== HTTPS Connection Attempts ===
--- card.charter.com (HTTPS, skip TLS) ---


--- card.charter.com (HTTP) ---


--- card.caas.stage.charterlab.com (UAT — control, skip TLS) ---
HTTP 405, connect: 0.064624s, total: 0.187490s

=== Route Comparison ===
card.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused
card.caas.stage.charterlab.com resolves to: ;; communications error to 71.85.90.1#53: connection refused
jira-uat.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused

=== IP Route to each host ===
--- card.charter.com (;; communications error to 71.85.90.1#53: connection refused) ---

--- card UAT (;; communications error to 71.85.90.1#53: connection refused) ---

--- jira UAT (;; communications error to 71.85.90.1#53: connection refused) ---

=== Summary ===

CARD UAT (card.caas.stage.charterlab.com): REACHABLE — token acquisition works
Jira UAT (jira-uat.charter.com): REACHABLE — all API operations work
CARD Prod (card.charter.com): UNREACHABLE — TCP connection times out on ports 80 and 443

Request: Please verify that the server at 71.85.90.9 is
allowed to reach card.charter.com on port 443. The service account
svc-jira-cn-projects has been granted API access and works against
the UAT instance. The production endpoint is not reachable at the
network/firewall level.
Initial commit — operational records, UAT evidence, and data exports 2026-05-01 20:47:24 +00:00			`==========================================================================`
			`CARD Production API — Connectivity Diagnostic Report`
			`==========================================================================`
			`Generated: 2026-04-30T16:28:50Z`
			`Purpose: Request firewall access to CARD production API`

			`--- Server Details ---`

			`Hostname: dashboard-dev`
			`IP: 71.85.90.9`
			`OS: Ubuntu 24.04.3 LTS`
			`Gateway: 71.85.90.1 (default via eth0)`
			`Purpose: STEAM Security Dashboard — CVE vulnerability management`

			`--- Existing Working Connections (same server) ---`

			`Jira UAT: jira-uat.charter.com → 142.136.123.17:443 ✓ CONNECTED`
			`CARD UAT: card.caas.stage.charterlab.com → 65.185.232.89:443 ✓ CONNECTED`
			`Atlas API: atlas-infosec.caas.charterlab.com ✓ CONNECTED`
			`Ivanti API: platform4.risksense.com ✓ CONNECTED`

			`--- CARD Production — Connection Failure ---`

			`Target: card.charter.com`
			`DNS CNAME: card.g.charter.com`
			`Resolved A: 47.43.51.7`
			`Resolved AAAA: 2600:6c7f:9330:ca5::7 (IPv6 unreachable from this server)`

			`Port 443 (HTTPS): TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s`
			`Port 80 (HTTP): TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s`

			`curl output (HTTPS):`
			`* Host card.charter.com:443 was resolved.`
			`* IPv4: 47.43.51.7`
			`* Trying 47.43.51.7:443...`
			`* ipv4 connect timeout after 4911ms, move on!`
			`* Failed to connect to card.charter.com port 443 after 5002 ms: Timeout was reached`

			`curl output (HTTP):`
			`* Trying 47.43.51.7:80...`
			`* ipv4 connect timeout after 4972ms, move on!`
			`* Failed to connect to card.charter.com port 80 after 5002 ms: Timeout was reached`

			`nc (netcat) test:`
			`nc -zvw3 47.43.51.7 443 → timed out: Operation now in progress`
			`nc -zvw3 47.43.51.7 80 → timed out: Operation now in progress`

			`--- Routing ---`

			`Route to CARD Prod: 47.43.51.7 via 71.85.90.1 dev eth0 src 71.85.90.9`
			`Route to CARD UAT: 65.185.232.89 via 71.85.90.1 dev eth0 src 71.85.90.9`
			`Route to Jira UAT: 142.136.123.17 via 71.85.90.1 dev eth0 src 71.85.90.9`

			`All three use the same gateway (71.85.90.1) and interface (eth0).`
			`The routing path is identical — the block is at the firewall level.`

			`--- Analysis ---`

			`The server (71.85.90.9) can reach Charter internal services on the`
			`charterlab.com domain (CARD UAT, Atlas) and charter.com domain (Jira UAT)`
			`but cannot establish a TCP connection to card.charter.com (47.43.51.7)`
			`on any port.`

			`DNS resolves correctly. The routing table sends traffic through the same`
			`gateway used for all other working Charter services. The failure is a`
			`TCP-level timeout (no SYN-ACK), which indicates a firewall rule is`
			`blocking traffic from 71.85.90.9 to 47.43.51.7.`

			`--- Request ---`

			`Please open firewall access:`

			`Source: 71.85.90.9 (dashboard-dev)`
			`Destination: card.charter.com (47.43.51.7)`
			`Port: 443 (HTTPS)`
			`Protocol: TCP`
			`Purpose: CARD API integration for STEAM Security Dashboard`
			`(asset ownership confirm/decline/redirect, team lookups)`

			`The CARD UAT instance (card.caas.stage.charterlab.com) is already`
			`accessible and the API integration is fully tested against it.`
			`Service account: svc-jira-cn-projects (already onboarded with CARD team)`

			`==========================================================================`
			`Exit: 0`

			`=== HTTPS Connection Attempts ===`
			`--- card.charter.com (HTTPS, skip TLS) ---`


			`--- card.charter.com (HTTP) ---`


			`--- card.caas.stage.charterlab.com (UAT — control, skip TLS) ---`
			`HTTP 405, connect: 0.064624s, total: 0.187490s`

			`=== Route Comparison ===`
			`card.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused`
			`card.caas.stage.charterlab.com resolves to: ;; communications error to 71.85.90.1#53: connection refused`
			`jira-uat.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused`

			`=== IP Route to each host ===`
			`--- card.charter.com (;; communications error to 71.85.90.1#53: connection refused) ---`

			`--- card UAT (;; communications error to 71.85.90.1#53: connection refused) ---`

			`--- jira UAT (;; communications error to 71.85.90.1#53: connection refused) ---`

			`=== Summary ===`

			`CARD UAT (card.caas.stage.charterlab.com): REACHABLE — token acquisition works`
			`Jira UAT (jira-uat.charter.com): REACHABLE — all API operations work`
			`CARD Prod (card.charter.com): UNREACHABLE — TCP connection times out on ports 80 and 443`

			`Request: Please verify that the server at 71.85.90.9 is`
			`allowed to reach card.charter.com on port 443. The service account`
			`svc-jira-cn-projects has been granted API access and works against`
			`the UAT instance. The production endpoint is not reachable at the`
			`network/firewall level.`