Action Items

Immediate — Unblock Discovery

  • Check ACP for parent policy inheritance

  • Query prefilter policies for L3/L4 fast-path rules

  • Verify API user has Security Analyst or Admin role

  • If parent found, re-run Q2/Q3 queries against parent ACP ID

Phase 0 — Complete Discovery

  • Q1: Map FTD zones and interfaces — identify DMZ, Outside, Inside

  • Q2: Capture Outside→DMZ access rules (from correct policy level)

  • Q3: Capture DMZ→Inside access rules

  • Q4: Map NAT rules — static NAT to reverse proxy VIP

  • Q5: Check IPS/Snort inspection on DMZ rules

  • Q6: Identify services behind reverse proxy (network objects + host objects)

  • Q7: Reverse proxy content switching vs L4 load balancing

  • Q8: Reverse proxy WAF license status

Phase 0 — Audit Findings

  • Report FINDING-001 (expired FMC cert) to firewall team

  • Resolve FINDING-002 (zero rules) — determine root cause

  • Document architecture diagram (D2) with confirmed traffic flow

Phase 1 — Audit (pending Phase 0 completion)

  • Enumerate all externally-exposed applications

  • Map each application to its reverse proxy vserver

  • Confirm TLS termination point for each application

  • Assess current L7 inspection (if any)

  • Deliver WAF readiness assessment to management

Phase 2 — WAF Placement (pending Phase 1)

  • Evaluate NetScaler AppFirewall license and capability

  • Compare FTD Snort IPS coverage for OWASP Top 10

  • Cost/benefit analysis for dedicated WAF appliance

  • Present placement recommendation to management