TRAFFIC FLOW ANALYSIS FROM LAN, MX95 TO WAN

Mazide
Here to help

Hello everyone! I hope you’re all doing well,

 

I have a question regarding Option 6: Two MX, two ISPs (4), and I’d like to clarify the traffic flow in the event of a primary MX failure. Would the traffic be routed through the switch connected to ISP1 or ISP2? Both switches are L3 managed but do not support load balancing—how does this affect traffic distribution? Will both ISPs be utilized simultaneously? I’m particularly interested in understanding how traffic flows from the internal LAN to the Meraki, through the two switches to the ISPs, especially if the primary MX fails. In that scenario, what would the traffic path look like? Would both switches share the load, or would only one be active?

 

Thank you!

[Attached image: Mazide_1-1727293861411.png]

11 Replies
ww
Kind of a big deal

Both can be used, if you have configured the load balancing/flow preferences on the MX.

You already made the drawing.

Mazide
Here to help

I'm currently simulating this setup in Packet Tracer. Right now, all the traffic is going through ISP1, and I'm trying to figure out why the second router won't forward traffic when the first one goes down. I understand it's just Packet Tracer 😞 just using it to get a general idea of the behavior.

Thanks for your explanation. I think PhilipDAth is also explaining the same concept.

PhilipDAth
Kind of a big deal

If you have configured ISP1 to be the primary, it will use the top switch.

If you have configured ISP2 to be the primary, it will be the bottom switch.

If you have configured ISP1 and ISP2 to be load balanced, both switches will be used.

Mazide
Here to help

I was aware of the first two options but not the third one (load balancing between ISP1 and ISP2). With the monitoring tool we have, both WAN interfaces are added, but only one is forwarding traffic. I’ll change that ASAP. Thanks Phil!

GIdenJoe
Kind of a big deal

Your drawing is incorrect.
The uplink switches are connected to LAN ports instead of WAN ports which is incorrect.
Each MX WAN uplink cannot be split on the MX itself.  So basically for WAN1 you can only have 1 cable coming from the MX to the uplink switch.

So each MX should have 1 line going to the upper switch for ISP 1 and each MX should have 1 line going to the lower switch for ISP 2.

In case of a device failure, VRRP will make the spare take over and the spare will use the same primary ISP as configured in dashboard.

Mazide
Here to help

It might not have been clear, but each different cable color represents a different VLAN. The purple cable running over each MX to the uplink switches is for the management VLAN, which serves a different purpose than forwarding WAN traffic.

GIdenJoe
Kind of a big deal

So may I assume, green is ISP 1 and blue is ISP 2?  Each MX can only have 1 WAN cable per WAN, you can't use the LAN ports as WAN ports.

In that case it is quite easy.
If the primary MX goes down, the spare takes over due to missing VRRP messages, and since ISP 1 is still configured as primary WAN, the spare MX will use the diagonal green link towards the upper switch to reach ISP 1.

Mazide
Here to help

Yes, your assumption is correct. However, I’ll be using the WAN interface of the MX devices to connect to the intermediate switches, so VRRP packets will still be sent through the LAN ports. The only difference from a setup where the MX is directly connected to the ISP is that the MX will receive a private IP address from the intermediate switch for internet access. The diagram I attached would have been the ideal solution, but most providers won’t activate two ports for businesses.

[Attached image: IMG_1802.png]

GIdenJoe
Kind of a big deal

That the MXes receive private IP addresses is very possible. Many providers only give 1 public IP on the WAN side of their own routers and then NAT to an internal range, so your two MX devices can each take an IP from that, with a third being the vIP. And just use the DMZ host feature on that vIP.

I don't however see why you think the intermediate switches would give an IP to the MX.  The switches usually are L2 in that part and the upstream router is the one providing the IP space for your MX'es.

VRRP always runs on the LAN side of the MX, never on the WAN side, at least for routed mode. The upstream connectivity test is purely done using the uplink monitor (ICMP, DNS, HTTP).

Mazide
Here to help

The intermediate switch is a Layer 3 C1300. My goal is to assign an IP address to each interface, both on the MX and the intermediate switch. The switch would technically act as the router (forwarding and NATting packets) while the MX behind it handles Wi-Fi, security, and other services.

GIdenJoe
Kind of a big deal

Only a select few switches can handle NAT, and that is then limited to the TCAM space they have. A C1300 is too limited a switch to do NAT.
I can perfectly understand if you use an upstream router for each ISP and they NAT to a private "WAN" space but then your MX will NAT again to the internal network, unless you place the MX'es as transparent (passthrough).

I think you need to think your design through because it is making less and less sense 😉
