Bratelo slava HINT: You are NOT helping by interjecting before the necessary information to give an informed response is possible. The OP needs to provide more information as already requested to get to a satisfactory resolution of the problem. There are a few here that can play the mind reader game and take shortcuts (sob, mkx, sindy) but otherwise not usually successful and irritating for those of us asking for the information. The OP was sidetracked and has yet to provide the requested information, hopefully soon coming.
Not to say your advice is not sound or useful but usually there is more to the story which can only be sussed out with more context and information.
Often there is lots the OP leaves out that is necessary to the puzzle.
By the way, I didn't read your question nor his response; it's noise since I don't understand:
a. the network structure (what devices are attached, where the internet comes from, what goes out on the ports). A network diagram helps immensely here.
b. the configuration, which fills in the rest of the gaps (the bridge/vlans/subnets, the firewall rules, the routing etc. and how they interact)
c. the requirements of the network in terms of use cases
what the user(s)/device(s) should be able to do and not do... pushes config design