Thanks for the reply,
I am about to test your recommendations, but I have a couple of questions.
I will set up both WAN interfaces on the same Zone as recomended by your link and follow up all your recommendations
Here is where I have some questions
place the secondary ISP into a virtual router
> add backup-vr and add the default route to my backup WAN default Gateway ?
Add a secondary default route to this VR into the main router
> from the trust-vr create a second 0.0.0.0/0 for backup-vr, with a higher preference value?(meaning down unless the lower preference goes down)
Add ip tracking to the first ISP to take this offline when this ISP goes down so the secondary route becomes active
> Tracking from the backup interface to the primary interface, no problem
Then build your primary tunnel to the second ISP and your secondary VPN to the primary ISP switching their current setup
> Will this changes make my backup interface active? if it does I can then set up a tunnel to my backup interface IP. The tunnel is just for DR traffic and I do not need to fail it to the primary interface. Right now I can only use my backup interface via source routing, but the backup WAN ip is not available from the internet to set up a VPN tunnel.
Thanks for your help. let me know if I understood your recommendations correctly.