What would be the benefit of having any 3rd party tool inside the internal communication? The protocol is HTTPS (TLS/1.2), so you would probably have to deal with certificates, and this could easily break the communication between the Dynatrace server and the gateways. The protocol is not (publicly) documented.
This DP is actually the gate from DMZ to LAN and they are inspecting every transaction for security issues.
Is there a way to replace the private SGW and the DTM certificates as there is for the Public SGW?
You should probably talk to support about this. There is an SSL truststore in the SGW, so I think it is possible to somehow add your own certificate to the truststore. You don't need to change the SGW certificate, since that one is used for SGW-OneAgent communication.
But maybe the SGW will trust your custom certificate anyway.