Depends how many servers you have in DMZ....
Option1: Install SEPM with Embedded DB and it will replication with Production SEPM.
Option2: Let All Servers in DMZ take direct updates from Production SEPM.. Open IP :Port specific Firewall rules for the DMZ Segments
Option3: From Production SEPm/DB install a new Failover/LB server in DMZ. Keep all DMZ servers in one group and apply MSL on that group only to communicate with that SEPM.