Currently I have 3 external interfaces without ISP Redundancy. Each external interface has its own site-to-site VPN tunnels. They are implemented by doing the following:
1. I give different gateway IPs on my end to different organizations.
2. I add static routes for each peer IP in Gaia OS.
3. VPN Link Selection is on "Use probing. Link redundancy mode:" --> "High Availability"; "Outgoing Route Selection" --> "Operating system routing table".
I am running R80.20 on a VRRP setup. No PBR. All tunnels are running properly.
Now I am adding a 4th external interface, which happens to be an Internet circuit. I plan to configure ISP Redundancy by adding one of the 3 external interfaces as Primary ISP and the 4th interface as Secondary ISP, and set "Redundancy mode" to "Load sharing". I plan to deselect "Apply settings to VPN traffic" since I don't want to mess up all existing VPN tunnels.
Question: how do I make sure the existing VPN tunnels on the primary ISP will stay with the primary ISP, and will never shift to the secondary ISP? By the way, all peers are non-Check Point, and I will not give the gateway IP of my secondary ISP to any peers. Thank you in advance.