I currently have several VLANS (management for network devices, iot for smart devices, infra for security cameras and NAS, one for personal devices, anothe for guests, etc.
Currently I’m hosting a game server which is exposed to the outside world and am thinking of adding a couple more similar services.
Is it best practice to put such machines on their own isolated VLAN to minimize their attack surface?
Reverse Proxy as much as you can so you only have one port, I haven't found anything I haven't been able to even Plex, but haven't done a game server other then minecraft.
Whitelist Geoip location, use crowdsec
I haven't bothered with network segregation I used too but then revaluated and just realized it wasn't worth it for me.