RealWorldPANOS
Real-world PAN-OS field notes from production environments.
Practical lessons, patterns, and defensive techniques—written by a working firewall engineer.
No vendor spin • No fluff • Field-tested
What you’ll find here
- Proxy / bypass reality (what actually shows up in logs)
- App-ID + URL + behavior patterns that matter in production
- Panorama at scale: hygiene, structure, and survivability
- Decryption edge cases: what breaks, why, and how to reduce pain
- Operational tradeoffs: performance, false positives, and maintainability
Philosophy
- No vendor spin. No fluff.
- Share how to think, not copy/paste production configs.
- Examples are sanitized and designed to be adaptable across environments.
Start here
- Coming next: How users actually bypass web filtering (and why App-ID alone isn’t enough)
- After that: Proxy-evasion indicators worth alerting on (without nuking legit traffic)
- Then: Panorama structure that scales without turning into spaghetti
(Posts will be linked here as they’re published.)
About
I’m Ben McCall, a senior PAN-OS firewall engineer working in large-scale production networks,
primarily in K-12 environments where bypass attempts are constant and creative.
I’ve been hands-on with Palo Alto since January 2013 (PA-5050 era).
This site is a place to document what works, what fails, and why—so other engineers can move faster.
Disclaimer
All views are my own and do not represent my employer.
Content is shared for educational purposes; apply changes responsibly and test in your environment.