Applicable to Version: 10.00 (All builds)
The following are the key points to take care of when deploying Cyberoam in Bridge mode:
-
Cyberoam creates firewall rules for LAN → WAN by default. If the appliance is deployed in Bridge mode and external users access LAN resources, a WAN → LAN firewall rule needs to be created.
-
If LAN users obtain dynamically leased IP addresses from a DHCP server and Cyberoam is deployed between the DHCP server and the LAN users, the necessary firewall rules must be created to accept the DHCP discover request.
Refer to the PDF below for the link on allowing LAN users to get a dynamically leased IP address from the DHCP server when Cyberoam is deployed in Bridge mode.
-
If Cyberoam is deployed between two VLAN-trunked devices, the VLAN tag information needs to be added from the Cyberoam CLI; otherwise Cyberoam will not be able to perform UTM functions on VLAN-tagged traffic.
Refer to the PDF below for the link on configuring VLANs when Cyberoam is deployed in Bridge mode.
-
If the Cyberoam bridge IP is used as a proxy on client computers, static routes for the remaining subnets (other than the Cyberoam bridge IP subnet) need to be added from the CLI.
-
If the Cyberoam bridge IP is used as a proxy, the upstream device must accept traffic from all client IP addresses, because Cyberoam will not MASQ the source IP of the packet originated by the client. Cyberoam sends the client IP as the source when forwarding the packet upstream.
-
If there is an asymmetric routing issue, the specific IP or subnet needs to be bypassed from Stateful Inspection using the following Cyberoam CLI advanced firewall command:
set advanced-firewall bypass-stateful-firewall-config
-
Select the appropriate network port pairs to use the hardware bypass functionality, as only selected models and port pairs support this feature.
-
If the appliance is deployed in a production network, enable midstream connection pickup with the Cyberoam CLI command below to minimize downtime and avoid interrupting existing established connections.
With this command, Cyberoam automatically learns the state table for existing established connections.
set advanced-firewall midstream-connection-pickup on
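The two stateful-inspection points above (bypass for asymmetric routing, and midstream connection pickup) can be seen in a simplified model of a state table; this is an added example, not Cyberoam code or its actual implementation. The class, method names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class StatefulFilter:
    """Toy TCP state table (hypothetical model, not the appliance's logic)."""
    midstream_pickup: bool = False                     # learn flows seen mid-connection
    bypass_nets: list = field(default_factory=list)    # CIDR strings exempt from state checks
    table: set = field(default_factory=set)            # known connections

    def _key(self, src, sport, dst, dport):
        # Direction-independent key so replies match the original flow.
        return frozenset([(src, sport), (dst, dport)])

    def _bypassed(self, src, dst):
        nets = [ipaddress.ip_network(n) for n in self.bypass_nets]
        return any(ipaddress.ip_address(a) in n for n in nets for a in (src, dst))

    def handle(self, src, sport, dst, dport, flags):
        """Return the verdict for one TCP segment crossing the bridge."""
        if self._bypassed(src, dst):
            return "forward (bypass)"          # no state is checked or created
        key = self._key(src, sport, dst, dport)
        if key in self.table:
            return "forward (established)"
        if flags == "SYN":
            self.table.add(key)                # normal connection setup
            return "forward (new)"
        if self.midstream_pickup:
            self.table.add(key)                # learn an already-running flow
            return "forward (picked up)"
        return "drop (no state)"               # strict stateful inspection


if __name__ == "__main__":
    # Constructed sample traffic: client 192.0.2.10, server 198.51.100.20.
    client, server = ("192.0.2.10", 50000), ("198.51.100.20", 443)

    strict = StatefulFilter()
    # Connection existed before the bridge was inserted: first segment seen is an ACK.
    print(strict.handle(*client, *server, "ACK"))
    # Asymmetric path: the SYN went another way, the bridge sees only the SYN-ACK.
    print(strict.handle(*server, *client, "SYN-ACK"))

    print(StatefulFilter(midstream_pickup=True).handle(*client, *server, "ACK"))
    print(StatefulFilter(bypass_nets=["198.51.100.0/24"]).handle(*server, *client, "SYN-ACK"))
```

Bypassed traffic in this model is forwarded without any state validation, which is why the bypass should be scoped to the specific IP or subnet affected by asymmetric routing rather than applied broadly.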