==========================================================================
CARD Production API — Connectivity Diagnostic Report
==========================================================================
Generated: 2026-04-30T16:28:50Z
Purpose: Request firewall access to CARD production API

--- Server Details ---

Hostname: dashboard-dev
IP: 71.85.90.9
OS: Ubuntu 24.04.3 LTS
Gateway: 71.85.90.1 (default via eth0)
Purpose: STEAM Security Dashboard — CVE vulnerability management

--- Existing Working Connections (same server) ---

Jira UAT: jira-uat.charter.com → 142.136.123.17:443 ✓ CONNECTED
CARD UAT: card.caas.stage.charterlab.com → 65.185.232.89:443 ✓ CONNECTED
Atlas API: atlas-infosec.caas.charterlab.com ✓ CONNECTED
Ivanti API: platform4.risksense.com ✓ CONNECTED

--- CARD Production — Connection Failure ---

Target: card.charter.com
DNS CNAME: card.g.charter.com
Resolved A: 47.43.51.7
Resolved AAAA: 2600:6c7f:9330:ca5::7 (IPv6 unreachable from this server)

Port 443 (HTTPS): TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s
Port 80 (HTTP): TIMEOUT — TCP SYN sent, no SYN-ACK received after 5s

curl output (HTTPS):
* Host card.charter.com:443 was resolved.
* IPv4: 47.43.51.7
* Trying 47.43.51.7:443...
* ipv4 connect timeout after 4911ms, move on!
* Failed to connect to card.charter.com port 443 after 5002 ms: Timeout was reached

curl output (HTTP):
* Trying 47.43.51.7:80...
* ipv4 connect timeout after 4972ms, move on!
* Failed to connect to card.charter.com port 80 after 5002 ms: Timeout was reached

nc (netcat) test:
nc -zvw3 47.43.51.7 443 → timed out: Operation now in progress
nc -zvw3 47.43.51.7 80 → timed out: Operation now in progress

--- Routing ---

Route to CARD Prod: 47.43.51.7 via 71.85.90.1 dev eth0 src 71.85.90.9
Route to CARD UAT: 65.185.232.89 via 71.85.90.1 dev eth0 src 71.85.90.9
Route to Jira UAT: 142.136.123.17 via 71.85.90.1 dev eth0 src 71.85.90.9

All three use the same gateway (71.85.90.1) and interface (eth0).
The routing path is identical — the block is at the firewall level.

--- Analysis ---

The server (71.85.90.9) can reach Charter internal services on the
charterlab.com domain (CARD UAT, Atlas) and charter.com domain (Jira UAT)
but cannot establish a TCP connection to card.charter.com (47.43.51.7)
on any port.

DNS resolves correctly. The routing table sends traffic through the same
gateway used for all other working Charter services. The failure is a
TCP-level timeout (no SYN-ACK), which indicates a firewall rule is
blocking traffic from 71.85.90.9 to 47.43.51.7.

--- Request ---

Please open firewall access:

Source: 71.85.90.9 (dashboard-dev)
Destination: card.charter.com (47.43.51.7)
Port: 443 (HTTPS)
Protocol: TCP
Purpose: CARD API integration for STEAM Security Dashboard
(asset ownership confirm/decline/redirect, team lookups)

The CARD UAT instance (card.caas.stage.charterlab.com) is already
accessible and the API integration is fully tested against it.
Service account: svc-jira-cn-projects (already onboarded with CARD team)

==========================================================================
Exit: 0

=== HTTPS Connection Attempts ===
--- card.charter.com (HTTPS, skip TLS) ---

--- card.charter.com (HTTP) ---

--- card.caas.stage.charterlab.com (UAT — control, skip TLS) ---
HTTP 405, connect: 0.064624s, total: 0.187490s

=== Route Comparison ===
card.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused
card.caas.stage.charterlab.com resolves to: ;; communications error to 71.85.90.1#53: connection refused
jira-uat.charter.com resolves to: ;; communications error to 71.85.90.1#53: connection refused

=== IP Route to each host ===
--- card.charter.com (;; communications error to 71.85.90.1#53: connection refused) ---

--- card UAT (;; communications error to 71.85.90.1#53: connection refused) ---

--- jira UAT (;; communications error to 71.85.90.1#53: connection refused) ---

=== Summary ===

CARD UAT (card.caas.stage.charterlab.com): REACHABLE — token acquisition works
Jira UAT (jira-uat.charter.com): REACHABLE — all API operations work
CARD Prod (card.charter.com): UNREACHABLE — TCP connection times out on ports 80 and 443

Request: Please verify that the server at 71.85.90.9 is
allowed to reach card.charter.com on port 443. The service account
svc-jira-cn-projects has been granted API access and works against
the UAT instance. The production endpoint is not reachable at the
network/firewall level.