Hi @dazz.
I think there would be no problem doing it. I don’t see why not.
A “Static IP address pools” can be created to close the access to the dynamic OpenVPN but not for this pool.
Next, create firewall rules that prevent outside access to the DMZ.
Maybe someone has another opinion.
Greetings.