Network Setup with FIOS

Planning on a network setup of my home including multiple VLANs that will need to communicate with the Verizon FIOS Quantum Gateway...

I know the Gateway can't do VLANs, but I have a second router and 2 managed switches available to do that with.

Current Setup before I start on the new setup is as follows:

FIOS Router has 2 PCs directly connected to it that get DHCP from the router.

FIOS Router has 1 managed switch connected to it.

Managed switch is connected to 2 PCs and the WAN link on a Ubiquiti EdgeRouter in another part of the house. The EdgeRouter's WAN IP is in the subnet configured on the Verizon Router. The 2 PCs get DHCP from the Verizon Router as well, as the switch isn't currently set up with any VLANs / configs and is acting like a dumb switch.

EdgeRouter is then connected to a managed Cisco switch on both LAN ports. EdgeRouter has several sub-interfaces configured on each LAN port (VLANs).

Cisco switch is connected to the EdgeRouter with 2 trunk ports (allows the VLANs on each to get out to the router). There are also 2 other trunk ports set up that connect from the switch to a VMware ESXi server. The server has 3 VLANs on it: Management, VM, and Retro (they all communicate out via the two trunks to the Cisco switch).

With all this currently, I am planning on putting in Active Directory via 2 DC VMs as well as an NT Server for Retro stuff, as well as a few other things down the line. I am also planning on putting a pfSense firewall VM up as well to act as firewall for the entire network.

My questions are:

With all this set up, once AD is installed and working and serving DHCP to all in-house PCs (currently getting DHCP from the router), is there anything I need to do to make sure the clients can still get to the Verizon Router and out to the internet?

With 3 PCs connected directly to the FIOS Router and not in any VLANs right now, do I need to do anything with them so they can get DHCP from Active Directory and still be able to get out to the internet through the FIOS Router? DHCP on the router would be turned off.

Finally, with the firewall set up as a VM, do I need to set it up outside any VLANs and with an IP address in the Verizon Router subnet to have it be the first thing traffic goes through before going inside the network?

I can't remove the FIOS router due to cable boxes and my ONT being on the outside of my house...

Appreciate any insight!
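For reference, here is an added EdgeOS configuration sketch (not from the original post) showing the piece of the described design that most often trips people up: DHCP broadcasts from clients on the EdgeRouter's VLAN sub-interfaces do not cross a routed boundary on their own, so the router has to relay them to the AD DHCP server. Interface names, VLAN IDs, subnets, the DHCP server address and the FIOS gateway address are all assumptions for illustration.

```edgeos
configure

# Assumed: eth1 is the LAN port trunked to the Cisco switch; VLAN IDs and subnets are made up.
set interfaces ethernet eth1 description "Trunk to Cisco switch"
set interfaces ethernet eth1 vif 10 description "Management"
set interfaces ethernet eth1 vif 10 address 10.0.10.1/24
set interfaces ethernet eth1 vif 20 description "VM"
set interfaces ethernet eth1 vif 20 address 10.0.20.1/24
set interfaces ethernet eth1 vif 30 description "Retro"
set interfaces ethernet eth1 vif 30 address 10.0.30.1/24

# DHCP relay: listen on every client VLAN and on the VLAN where the AD DHCP
# server sits (assumed 10.0.20.10 on the VM VLAN) so offers can come back.
set service dhcp-relay interface eth1.10
set service dhcp-relay interface eth1.20
set service dhcp-relay interface eth1.30
set service dhcp-relay server 10.0.20.10
set service dhcp-relay relay-options relay-agents-packets discard

# Default route toward the FIOS gateway on the WAN side (assumed 192.168.1.1),
# so relayed clients still reach the Verizon router and the internet.
set system gateway-address 192.168.1.1

# Keep the legacy Retro VLAN (NT server) from initiating connections into
# Management; replies to sessions started from Management are still allowed.
set firewall name RETRO_IN default-action accept
set firewall name RETRO_IN rule 5 action accept
set firewall name RETRO_IN rule 5 state established enable
set firewall name RETRO_IN rule 5 state related enable
set firewall name RETRO_IN rule 10 action drop
set firewall name RETRO_IN rule 10 destination address 10.0.10.0/24
set firewall name RETRO_IN rule 10 description "Retro may not initiate to Management"
set interfaces ethernet eth1 vif 30 firewall in name RETRO_IN

commit
save
```

The matching Cisco trunk ports need to carry VLANs 10, 20 and 30 toward both the EdgeRouter and the ESXi host for this to work end to end.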

