Currently I have the internet connected to a router/firewall/DHCP server (all-in-one combo), connected to a switch which connects all servers and VMs. Everything is working fine, but I would like more security and to put a web server in a DMZ and the rest behind another firewall -> switch into a private LAN consisting of the servers and VMs described.
I currently have a Ubiquiti EdgeRouter Pro and a 24-port TP-Link TL-SG1024D switch. This is the post I would like to follow: https://danielmiessler.com/study/dmz/
My questions mainly relate to the private LAN:
How would I set up the default gateway (router) settings on the switch in the private LAN, given it's now in a different LAN (192.168.1.1/24), the DMZ, and is not accessible? I still want to be able to make outbound internet calls from the private LAN via the router, just not receive inbound, which is protected by the firewall.
Would I need an L3 switch for the DHCP server for the address allocation to VMs and PCs in the private LAN (192.168.2.1/24), or can I somehow use the router to achieve this?
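For reference, here is an added example of what the two-hop layout looks like as an EdgeOS configuration on a single EdgeRouter; it is not from the post above or from the linked article. It assumes eth0 is the WAN port, eth1 faces the DMZ switch and eth2 faces the private-LAN switch, uses the poster's subnets (192.168.1.0/24 DMZ, 192.168.2.0/24 private LAN), and the DHCP pool range and the web server address 192.168.1.10 are placeholders.

```edgeos
# Added example (not the poster's config). Assumed interface layout:
#   eth0 = WAN, eth1 = DMZ (192.168.1.0/24), eth2 = private LAN (192.168.2.0/24)
configure

set interfaces ethernet eth1 description DMZ
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth2 description PRIVATE_LAN
set interfaces ethernet eth2 address 192.168.2.1/24

# DHCP for the private LAN is served by the router, not the switch. Clients
# receive 192.168.2.1 as their default gateway. Pool range is an assumption.
set service dhcp-server shared-network-name PRIVATE_LAN subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name PRIVATE_LAN subnet 192.168.2.0/24 dns-server 192.168.2.1
set service dhcp-server shared-network-name PRIVATE_LAN subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.200
set service dhcp-server shared-network-name PRIVATE_LAN subnet 192.168.2.0/24 lease 86400

# Outbound NAT so both the DMZ and the private LAN can reach the internet.
set service nat rule 5010 description "masquerade DMZ"
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 source address 192.168.1.0/24
set service nat rule 5010 type masquerade
set service nat rule 5011 description "masquerade private LAN"
set service nat rule 5011 outbound-interface eth0
set service nat rule 5011 source address 192.168.2.0/24
set service nat rule 5011 type masquerade

# First hop: traffic arriving from the internet is dropped unless it is a reply
# to something an inside host started (or an explicitly forwarded port below).
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 description "allow established/related"
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set interfaces ethernet eth0 firewall in name WAN_IN

# Second hop: traffic entering the router from the DMZ may go out to the
# internet, but new connections toward the private LAN are dropped, so a
# compromised web server cannot pivot inward.
set firewall name DMZ_IN default-action accept
set firewall name DMZ_IN rule 10 description "allow replies to LAN-initiated flows"
set firewall name DMZ_IN rule 10 action accept
set firewall name DMZ_IN rule 10 state established enable
set firewall name DMZ_IN rule 10 state related enable
set firewall name DMZ_IN rule 20 description "block DMZ -> private LAN"
set firewall name DMZ_IN rule 20 action drop
set firewall name DMZ_IN rule 20 destination address 192.168.2.0/24
set interfaces ethernet eth1 firewall in name DMZ_IN

# Publish only the web server, and only into the DMZ (address is an assumption).
set port-forward wan-interface eth0
set port-forward lan-interface eth1
set port-forward auto-firewall enable
set port-forward rule 1 description "web server in DMZ"
set port-forward rule 1 protocol tcp
set port-forward rule 1 original-port 80
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 80

commit
save
exit
```

With this layout the private-LAN switch needs no gateway of its own: an unmanaged layer-2 switch like the TL-SG1024D only forwards frames, and the default gateway is a per-host setting that the router's DHCP server hands out. A check worth doing after committing is to open a connection from a DMZ host to a private-LAN address and confirm it is dropped, while the reverse direction (LAN to DMZ) and LAN to internet still work.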