Issues Encountered
FINDING-001: FMC Management Certificate Expired
Severity | Medium |
Date | 2026-04-15 |
Status | Open — reported |
Issue | FMC management plane TLS certificate is expired and uses CN-only (no SAN). CN is the short hostname; connections use FQDN. |
Impact | All API consumers and GUI users must bypass TLS validation. MITM vector on management VLAN. |
Workaround | Using |
Resolution | Renew FMC certificate with FQDN in SAN. Escalate to firewall team. |
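A check for the three conditions in FINDING-001 (expiry, missing SAN, short-hostname CN), usable to confirm the renewed certificate before clients re-enable validation. This is an added example, not part of the original report; it assumes the certificate is already decoded into the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, and the hostnames and dates are constructed samples.

```python
import ssl
from datetime import datetime, timezone

def san_dns_names(cert):
    """DNS entries from subjectAltName (empty list when the extension is absent)."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_name(cert):
    """commonName from the subject RDN sequence, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def name_matches(pattern, host):
    """Exact match, or a whole left-most '*' label standing in for one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit_cert(cert, fqdn, now=None):
    """Return the problems that would make a validating client reject this cert."""
    now = now or datetime.now(timezone.utc)
    problems = []
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expiry <= now:
        problems.append("expired")
    sans = san_dns_names(cert)
    if not sans:
        problems.append("no-san")            # CN-only: modern clients ignore CN
    elif not any(name_matches(s, fqdn) for s in sans):
        problems.append("san-mismatch")      # SAN present but does not cover the FQDN
    cn = common_name(cert)
    if cn is not None and "." not in cn:
        problems.append("cn-short-hostname")
    return problems

# Constructed samples: the deployed cert as the finding describes it, and a renewed one.
NOW = datetime(2026, 4, 15, tzinfo=timezone.utc)
DEPLOYED = {"subject": ((("commonName", "fmc01"),),), "notAfter": "Jan 10 00:00:00 2026 GMT"}
RENEWED = {"subject": ((("commonName", "fmc01.example.internal"),),),
           "subjectAltName": (("DNS", "fmc01.example.internal"),),
           "notAfter": "Apr 20 00:00:00 2027 GMT"}

if __name__ == "__main__":
    print(audit_cert(DEPLOYED, "fmc01.example.internal", NOW))
    print(audit_cert(RENEWED, "fmc01.example.internal", NOW))
```

`getpeercert()` returns an empty dict when validation is disabled, so the currently deployed certificate has to be decoded from its PEM/DER form by other means before this check can run on it.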
FINDING-002: Perimeter ACP Returns Zero Rules
Severity | Needs Investigation |
Date | 2026-04-16 |
Status | Open — investigating |
Issue | Perimeter Access Control Policy assigned to firewall devices but returns |
Probable Cause | Policy inheritance (parent holds rules), prefilter fast-path, or RBAC restriction on API user. |
Next Steps | Check parent policy, query prefilter policies, verify API user role. |
ISSUE-003: Copilot Guidance Inaccuracy
Severity | Low |
Date | 2026-04-16 |
Status | Resolved |
Issue | Initial API session used GitHub Copilot for guidance. Model provided correct sequence but stopped at "no rules found" without investigating parent policies, prefilter, or RBAC. |
Resolution | v2 investigation doc incorporates all missing checks. Copilot artifacts superseded and removed. |