Force one ISP with ISP REDUNDANCY

In the meantime I found a way with splat to force a host or a network to be reachable over one ISP while ISP RED. is active in load-sharing or primary/backup mode.

If you want to make sure that only ISP A is used for that host or network, you can simply do this with source or policy routing. In that case don't use "NAT behind the GW"; just use a public address from ISP A or NAT it manually to that IP. Routing is done after the packets have gone through CP, so whatever mode you've defined for ISP RED., packets will always go the way you defined in the routing policy. Now an example of how this could look:

First of all, create the table(s) in /etc/iproute2/rt_tables:

    echo 200 ISP_A >> /etc/iproute2/rt_tables

Afterwards add rules to the table(s):

    ip rule add from 10.0.0.10 table ISP_A

Verify that the information has been set:

    ip rule ls

You should now see something like this:

    0: from all lookup local
    32765: from 10.0.0.10 lookup ISP_A
    32766: from all lookup main
    32767: from all lookup default

Now add the routes to the table:

    ip route add default via 194.162.56.1 dev ethx table ISP_A

194.162.56.1 is the router from ISP A.
ethx is the interface attached to that ISP.

Note: All other networks that have to be reached behind the FW need to be added to the policy, even if you already have an existing route to that network; just add them to the table ISP_A.

Finally flush the routing cache:

    ip route flush cache

To have this policy available after a reboot, add this to /etc/rc.d/rc.local. In our example here this would look like this:

    ip rule add from 10.0.0.10 table ISP_A
    ip route add default via 194.162.56.1 dev eth2 table ISP_A
    ip route flush cache

Hope that helps some of you who have such requests or needs in your environment!

__________________
misery is optional

Last edited by Porter; 2006-11-01 at 06:38.
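An added example, not part of the original post: a planner that prints only the policy-routing commands still missing, so re-running rc.local does not stack duplicate rules or rt_tables entries. The function name plan_policy and the state strings in the demo are constructed for illustration; addresses, interface and table id are the ones from the post.

```shell
#!/bin/sh
# plan_policy SRC ID NAME GW DEV RT_TABLES_TEXT RULES_TEXT ROUTES_TEXT
# On a live box the three texts would come from: cat /etc/iproute2/rt_tables,
# ip rule ls, and ip route show table NAME 2>/dev/null (assumed usage).
plan_policy() {
    p_src=$1 p_id=$2 p_name=$3 p_gw=$4 p_dev=$5
    p_tables=$6 p_rules=$7 p_routes=$8
    p_changed=0
    # A table name is a single token; a space would split it in rt_tables.
    case $p_name in
        ''|*[!A-Za-z0-9_]*) echo "invalid table name: '$p_name'" >&2; return 1 ;;
    esac
    # Table already registered with this id and name?
    if ! printf '%s\n' "$p_tables" |
        awk -v id="$p_id" -v n="$p_name" '$1 == id && $2 == n {f=1} END {exit !f}'
    then
        echo "echo $p_id $p_name >> /etc/iproute2/rt_tables"; p_changed=1
    fi
    # Source rule already present? (format of "ip rule ls" output)
    if ! printf '%s\n' "$p_rules" |
        awk -v s="$p_src" -v n="$p_name" \
            '$2 == "from" && $3 == s && $4 == "lookup" && $5 == n {f=1} END {exit !f}'
    then
        echo "ip rule add from $p_src table $p_name"; p_changed=1
    fi
    # Default route via the ISP router already in the table?
    if ! printf '%s\n' "$p_routes" |
        awk -v g="$p_gw" -v d="$p_dev" \
            '$1 == "default" && $3 == g && $5 == d {f=1} END {exit !f}'
    then
        echo "ip route add default via $p_gw dev $p_dev table $p_name"; p_changed=1
    fi
    if [ "$p_changed" -eq 1 ]; then echo "ip route flush cache"; fi
    return 0
}

# Demo on constructed state: table and rule exist, the default route does not.
DEMO_TABLES='255 local
254 main
200 ISP_A'
DEMO_RULES='0: from all lookup local
32765: from 10.0.0.10 lookup ISP_A
32766: from all lookup main'
plan_policy 10.0.0.10 200 ISP_A 194.162.56.1 eth2 "$DEMO_TABLES" "$DEMO_RULES" ""
```

The printed plan can be reviewed and then piped to sh as root.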