Organizations running multiple remote access agents on endpoints experience conflicts when agents compete for route control and DNS resolution, causing connectivity failures and inconsistent routing. These deployments are particularly common during extended Prisma® Access migrations where you might need to maintain legacy agents alongside Prisma Access for a period of time. They also occur during merger scenarios where employees access multiple company networks, or in consultant environments requiring simultaneous connections to client and corporate resources.

The third-party agent coexistence bypass feature resolves these conflicts by enabling you to configure Prisma Access Agent to ignore specific traffic through bypass rules in forwarding profiles. When you configure connections as bypass, Prisma Access Agent will not intercept or modify matching traffic, enabling third-party agents to handle those connections without interference.

You can configure bypass rules for network traffic only, DNS only, or both traffic types based on your requirements. When bypassed traffic matches third-party agent policy rules, those agents process the connections normally. If no third-party agent handles the bypassed traffic, the system sends traffic to the tunnel (if present) or directly to its destination (if the tunnel is not present). This capability enables staged migrations to Prisma Access from legacy solutions, operationally simplifies mergers and acquisitions, and enables consultants to work seamlessly.