My suggestions:
- Ignore everything to do with Swisscom (IB, Internet, DMZ, port-forwards, blah-blah-blah) for now. All that stuff is easy to do once your Linux controller has adopted the USG (and any other UI items), and you have bullet-proof admin control.
- Make yourself a wired Admin sub-net (10.11.12.0/24 for example). Switch your Linux box to the Admin sub-net (10.11.12.200 for example), wire to the USG, and persuade your UI app to adopt the USG (similarly any other UI devices).
Adoption is the only hard part of the process… almost everybody gets lost the first time.
There is plenty of help on the UI website.
I don’t use USG so cannot offer any USG-specific advice.
In my network I run Guest & IoT “naked” — a UI AC-PRO does client-isolation and is wired directly to the Swisscom IB. AC-PRO is managed (wired) by UI app on the admin Ubuntu machine.
Private & Admin VLANs are behind a pfSense box (not USG, but doing a similar job).
Admin VLAN is wired-only, and connects to managed devices over untagged ports.
Private VLAN wifi uses several UI Flex-HD controlled by UI Cloud-Key. C-K web-interface accessed from Ubuntu machine over Admin VLAN.
Chris