In fact, isolating IoT is a topic. In future maybe an IoT network is as important as a guest network... Could be set as request for the GL.iNet team.
Still, the GL.iNet router securing the LAN side. How should it take care of the WAN side?
At first create a VLAN for IoT. Tan make a firewall rule: Deny everything.
After that, allow the communication to your infrastructure. And at last open the communication to the IoT services.
But this is more a OpenWrt topic.
And when you switched to OpenWrt, and understood how to build a IoT VLAN, then you could get rid of the roger router. Else replace it with a GL.iNet router, or set it to dumb bridge mode and connect all devices to your GL.iNet router.
Even if you need one as range extender, use a second GL.iNet router. Or maybe another OpenWrt supported.