RealWorldPANOS

Real-world PAN-OS field notes from production environments.
Practical lessons, patterns, and defensive techniques—written by a working firewall engineer.

No vendor spin • No fluff • Field-tested

What you’ll find here

  • Proxy / bypass reality (what actually shows up in logs)
  • App-ID + URL + behavior patterns that matter in production
  • Panorama at scale: hygiene, structure, and survivability
  • Take-home enforcement: PAC + pass-through proxies to keep filtering off-campus
  • Threat prevention ops: auto-block patterns using tags + DAGs
  • Decryption edge cases: what breaks, why, and how to reduce pain
  • Operational tradeoffs: performance, false positives, and maintainability

PAN-OS • K-12 • Threat Prevention • DAG • Log Forwarding • Proxies

Start here

  • Maintaining Web Filtering on Take-Home Chromebooks (At Scale)
    PAC file + Apache + Squid pass-through + off-campus DNS
  • From Log to Block: Auto-Blocking External Threat Sources with PAN-OS
    Log forwarding filter → tagging → Dynamic Address Group → top-of-policy drop

Coming next

  • How users actually bypass web filtering (and why App-ID alone isn’t enough)
  • Proxy-evasion indicators worth alerting on (without nuking legit traffic)
  • Panorama structure that scales without turning into spaghetti