Add secondary WAN interface only for SSL VPN traffic

I currently have a XG310 firewall running the latest 16.05.0 firmware.  We are using the SSL VPN client and it is set for Default Gateway with all our internal subnets allowed.  IT hands out 10.10.11.* IP addresses.  I also have a firewall rule that allows all traffic from the LAN and VPN zones to/from the LAN and VPN zones.  Our LAN has multiple VLANs but mostly follow a 10.10.10.*, 10.10.20.*, 10.10.30.*, etc pattern.   This all works as expected.  However we would like to add a secondary WAN connect (a cell router) as a backup in case our main line is down.  It will NOT be used a failover outgoing but just for administrators to VPN into the network if our main fiber line is down.

 

I can't seem to get this to work as the SSL VPN only seems to respond to "WAN" ports but I also don't want the cell router to be considered a WAN port even though I guess technically it is.  Is there another way to set this up or do I have to mark it as a WAN port then go through all my firewall rules and such and make sure the primary gateway is our actual gateway?  Or is there a way to make it a WAN port but have it never try to use it for any outgoing traffic?

 

-Allan