>
    Strata Copilot
    Configure Third-Party Agent Coexistence with Bypass Rules (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Agent
    3. Prisma Access Agent Administration
    4. Configure the Prisma Access Agent
    5. Set Up Forwarding Profiles to Manage Agent Traffic
    6. Configure Third-Party Agent Coexistence with Bypass Rules
    7. Configure Third-Party Agent Coexistence with Bypass Rules (Strata Cloud Manager)
    Download PDF
    Prisma Access Agent

    Configure Third-Party Agent Coexistence with Bypass Rules (Strata Cloud Manager)

    Table of Contents

    Configure Third-Party Agent Coexistence with Bypass Rules (Strata Cloud Manager)

    Configure bypass rules in forwarding profiles in Strata Cloud Manager Managed Prisma Access agents to enable Prisma Access Agent coexistence with third-party remote access agents without routing conflicts.
    To configure bypass rules within Forwarding Profiles in Strata Cloud Manager Managed Prisma Access deployments:
    1. Navigate to the forwarding profiles setup page:
      • Strata Cloud Manager Managed Prisma Access deployments:
        1. Select ConfigurationNGFW and Prisma AccessConfiguration ScopeMobile Users Container.
        2. Edit the settings in the Forwarding Profiles Setup section.
      • Panorama Managed Prisma Access deployments:
        1. From the Cloud Services plugin in Panorama, select PanoramaCloud ServicesPrisma Access AgentLaunch Prisma Access Agent.
        2. Select ConfigurationForwarding Profiles
      • Panorama Managed NGFW deployments:
        1. Log in to Strata Cloud Manager as the administrator.
        2. Select ConfigurationForwarding Profiles
    2. Set up the Source Applications or Destinations for which you need to bypass traffic.
      For example, you can specify a Destination for a domain you want to bypass, or specify the IP addresses for the applications you want to bypass. You can also set up specific Source Applications that you want to bypass.
    3. Configure a forwarding profile where you want to specify bypass rules.
      1. Select an existing forwarding profile you want to modify or add a forwarding profile.
        For example:
      2. In the Forwarding Rules section, select an existing forwarding rule or Add a forwarding rule for the source application or destination you want to bypass.
      3. Specify the properties for the forwarding rule:
        1. Enable the forwarding rule.
        2. Enter a meaningful Name for the rule.
        3. Select the Source Application and Destination that you want to bypass.
          For example, you can bypass Any applications in the lab destination.
          Prisma Access Agent cannot steer UDP traffic based on destination criteria on Windows endpoints. Any rule that uses the Destination object will not apply to UDP traffic on Windows endpoints.
        4. Select ConnectivityBypass.
        5. Select the Traffic Type to bypass (DNS, DNS + Network Traffic, or Network Traffic).
        6. Update the forwarding rule.
      4. Set the rule priority to ensure bypass rules are evaluated in the correct order relative to other forwarding rules. You can select a forwarding rule and move it up or down in the Forwarding Rules table.
      5. Select a Traffic Enforcement option if needed.
      6. Save your forwarding profile settings.
      7. Push the configuration to deploy the bypass rules to your Prisma Access Agent deployment.
    4. Verify that bypass rules are working correctly on an endpoint.

    © 2026 Palo Alto Networks, Inc. All rights reserved.