network hardware

How to properly configure the local network (which has video surveillance)?

Good day!
It so happened that I "inherited" a certain amount of equipment, despite the fact that the former owner could not be found.
I myself am not strong in networks and settings of network equipment, my knowledge is rather superficial at the level of setting up a home router, forwarding ports, etc. I'm more on program moments and video surveillance.
I would really appreciate any help/advice.
Here's what we have at the moment:
There is a local network - 192.168.1.0/24 + there is a "white" IP address.
At the moment there are 4 switches:
• SW1 - D-link DES-1210-28P (192.168.1.110)
• SW2 - D-link DES-1210-28P (192.168.1.112)
• SW3 - D-link DGS-1210-28P (192.168.1.113)
• SW4 – D-link DES-3200-26 (IP unknown, no access to the switch)
Zyxel Keenetic II router is also installed, which is also a gateway for devices (192.168.1.1)
Two video surveillance servers:
• SRV- V1 - responsible for external video surveillance (192.168.1.199)
• SRV-V2 - responsible for internal video surveillance (192.168.1.200)
IP cameras, internal and external, which are connected to SW1 and SW2 (external) and SW3 (internal).
SW1 and SW2 are interconnected by fiber optic cable via SFP, SW2 and SW3 with SW4 twisted pair.
At the moment there are a number of problems and questions:
1. At the time of installation of the SRV-V2 server, the SW2 and SW3 switches were connected with a patch cord, everything was fine, but it did not ping from the router, and was not visible from the Internet. After connecting SW3 and SW4, the server began to ping and became accessible from the Internet.
Why did this situation happen?
2. If you connect a laptop to SW3, then the SRV-V1 server, as well as cameras connected to SW2 and SW1, will not be pinged. No access to SW2 web interface.
3. Even if you directly connect your laptop to SW2, then there is no ping to the cameras that are connected to SW1 and there is no access to the web interface of SW1, but I would like to, because. SW1 is geographically removed from the place where SW2, SW3 and SW4 are located. While the SRV-V1 server connected to SW2 perfectly sees the cameras connected to SW1.
4. I can’t set up a VPN server on Zyxel in any way, although the VPN server component has been installed, turned on, and started a user. But it doesn't want to connect to it. Windows 10 - writes: "Cannot connect to the remote computer, so the connection port is closed." I enabled 40 bit key support for the MPPE protocol in my system.
I would also like to know your opinion on the following plans:
1. Divide the network into VLANs, thereby separating video surveillance and other devices on the local network (which are connected to SW4), in order to reduce the load within the network, as well as to improve security. Is it possible to forward ports on Keenetic from the outside to the VLAN that will be used for video surveillance?
Does it make sense to separate internal and external video surveillance into different VLANs?
2. Is it possible (and correct) to make such a division in the future, if not divided into VLANs?

• 2 - 99 - DHCP - Clients incl. WiFi
  
• 100 - 110 - switch
  
• 111 - 149 - Static IP reserve
  
• 150 – 250 – Video surveillance
  
• 251 - 254 - Reserve
  

I'm attaching the diagram I was able to draw.
Thanks in advance for your replies!