With 10 workstation/server machines connected to one switch, then to one router (192.168.55.1) before the Internet.
Would it be of any benefit to divide the LAN addresses in the firewall and create 2 objects for the LAN:
1. LAN traffic only = 192.168.55.2 - 192.168.55.254
2. Router traffic in/out = 192.168.55.1
instead of 192.168.55.0/24?
I don't see any real benefit of segmenting the LAN addresses. You can use the interface object to define traffic specifically coming in/out of the firewall. Is there some type of rule that you are trying to create that you can't by using only the network object?
Thank you for your reply. I am sorry but the client decided on not using FWB.
They were asking if it would be an increase in security if the LAN machines would deny traffic from the router 192.168.55.1, since they are all accessing the Internet via a single firewall machine that allows Internet access.
Allowing 192.168.55.2 - 192.168.55.254 would give LAN inter-communication but deny anything from the router 192.168.55.1.
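To make the trade-off in this thread concrete, here is an added example (not from the original posts or from Firewall Builder) that models the two proposed objects with Python's ipaddress module and evaluates a first-match policy against constructed sample sources; the policy layout and sample addresses are assumptions for illustration.

```python
import ipaddress

# Addresses from the thread: router at .1, workstations/servers in the rest of the /24.
LAN_NET = ipaddress.ip_network("192.168.55.0/24")
ROUTER = ipaddress.ip_address("192.168.55.1")
LAN_LOW = ipaddress.ip_address("192.168.55.2")
LAN_HIGH = ipaddress.ip_address("192.168.55.254")


def in_lan_range(addr):
    """Object 1 from the thread: 'LAN traffic only' = 192.168.55.2 - 192.168.55.254."""
    return LAN_LOW <= addr <= LAN_HIGH


def range_equals_net_minus_router():
    """The two-object split is exactly the /24 with the router host removed."""
    return {h for h in LAN_NET.hosts() if in_lan_range(h)} == set(LAN_NET.hosts()) - {ROUTER}


# Host-side policy built from the two objects; first matching rule wins (assumed semantics).
SPLIT_POLICY = [
    ("deny", lambda src: src == ROUTER),        # object 2: traffic originated by the router itself
    ("allow", lambda src: in_lan_range(src)),   # object 1: LAN peers
    ("allow", lambda src: src not in LAN_NET),  # forwarded replies keep their Internet source address
    ("deny", lambda src: True),
]

# The same "allow LAN" rule with only the /24 network object: the router cannot be singled out.
SINGLE_OBJECT_POLICY = [
    ("allow", lambda src: src in LAN_NET),
    ("deny", lambda src: True),
]

# Constructed sample sources as seen by one workstation (not captured traffic).
SAMPLE_SOURCES = {
    "dhcp_offer_from_router": "192.168.55.1",
    "smb_from_lan_peer": "192.168.55.20",
    "http_reply_forwarded_by_router": "203.0.113.7",
}


def verdict(policy, src):
    """Return the action of the first rule whose matcher accepts the source address."""
    src = ipaddress.ip_address(src)
    for action, match in policy:
        if match(src):
            return action
    return "deny"


def evaluate(policy):
    """Map each constructed sample source to the policy's verdict."""
    return {name: verdict(policy, src) for name, src in SAMPLE_SOURCES.items()}
```

Note what the deny rule on 192.168.55.1 actually covers: traffic the router itself originates (DHCP, its own DNS forwarder, ICMP) is dropped, while Internet replies it merely forwards still arrive with their remote source address and are unaffected.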