I need your opinions about securing a LAN.

Hello,
I need security experts advice about designing a secure local network and I’m thankful if anyone share his\her ideas.
Consider a local network with 1000 clients. This LAN connected to the Internet and use a gateway to share the internet to to the clients and has below components:
1- Some servers (DNS, DHCP, File Server, Active Directory, Fax Server) that are Virtualized.
2- NAS Storage.
3- MSSQL Server.
4- VOIP Server (MITEL).
5- Web Server (Apache and IIS).
This network use VLAN for each floor and my questions are:
1- Which security architecture is good for protecting this LAN from the outside threats? I googled it and found some architecture, but I’m not a security expert and I don’t know which is good. I’m thankful if anyone share a diagram.
2- For protecting internal servers which tools must be considered? For example, IDS/IPS, Honeypot, Log server, SIEM and etc.
3- Which application is good to monitor operating systems Vulnerabilities?

Please share your ideas.

Thank you.