I think the core issue is you want a particular type of service, but you don't want to pay for it. You can plug ISP1 only into MX1, and ISP2 only into ISP2. They'll be able to fail over. This will work fine if you are not using a VIP, and you are only protecting outbound services. It will also work fine if you are using AutoVPN, or a client VPN which uses the DDNS name. There is also a dirty hack you can do where you can configure three of the LAN ports into their own dedicated VLAN. Then plug ISP1 into one of those three ports. Plug the second port into WAN1 on MX1 (it loops back), and the third port into WAN1 on MX2.
... View more
