NAT & Routing Troubles over multiple VDOMs
Hello.
I'm working on putting together a test topology for a private Datacentre and I've run into some trouble with NAT & Routing when passing traffic over an NPU Inter-VDOM link.
My design is to have an Internal VDOM to handle all local policies and inter-VLAN routing, and an External VDOM to take in the WAN links and handle broad-scope security such as DDoS protection, IDPS, etc.
I have multiple Public IP addresses to use and would like to be NATting from the Internal VDOM using IP Pools and sending this traffic over the NPU and out to the internet. However, I have not been able to get this working with this design. The only way I've gotten this working so far is by performing the outbound SNAT from the externally facing VDOM by passing private IP traffic over the inter-VDOM link instead of Public IP traffic. I'd like to avoid this, as it would involve double-handling IP address objects between VDOMs.
My first hunch was to play around with the static routes / policy routes to get this working, so I've tried adding static routes on the External VDOM to direct return traffic destined for my Public IP to the NPU link, which didn't help, but I may be overthinking this.
Routing table for internal VDOM:

Routing table for External VDOM:

Would appreciate any help with how this needs to be configured as I've been looking at it much too closely and may be missing something obvious. I would also appreciate any constructive criticism regarding the design theory with any improvements I could make to efficiency / security.
Cheers,
Matt
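As an added illustration of the two-VDOM design described in the post above (not the original poster's configuration, and not a claim that it resolves the problem reported there), the FortiOS CLI below shows the pieces the design needs: the NPU inter-VDOM link split between the two VDOMs, SNAT from an IP pool in the Internal VDOM whose policy exits via the link, and a static route in the External VDOM pointing the public pool block back at its side of the link. Every name and address is an assumption for illustration: the VDOM names Internal and External, the link interfaces npu0_vlink0/npu0_vlink1, the LAN interface vlan100, the WAN interface wan1, the pool block 203.0.113.0/28, the link subnet 10.255.0.0/30 and the upstream gateway 198.51.100.1.

```fortios
# --- Global: assign the two ends of the NPU inter-VDOM link (assumed names) ---
config global
    config system interface
        edit "npu0_vlink0"
            set vdom "Internal"
            set ip 10.255.0.1 255.255.255.252
            set allowaccess ping
        next
        edit "npu0_vlink1"
            set vdom "External"
            set ip 10.255.0.2 255.255.255.252
            set allowaccess ping
        next
    end
end

# --- Internal VDOM: SNAT to the public pool, default route over the link ---
config vdom
    edit "Internal"
        config firewall ippool
            edit "pool-public"
                set type overload
                set startip 203.0.113.10        # assumed public address
                set endip 203.0.113.10
            next
        end
        config firewall policy
            edit 10
                set name "lan-to-internet"
                set srcintf "vlan100"           # assumed LAN interface
                set dstintf "npu0_vlink0"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set nat enable
                set ippool enable
                set poolname "pool-public"      # traffic leaves the link already NATed
            next
        end
        config router static
            edit 1
                set gateway 10.255.0.2
                set device "npu0_vlink0"
            next
        end
    next
end

# --- External VDOM: default route to WAN, pool block routed back over the link ---
config vdom
    edit "External"
        config router static
            edit 1
                set gateway 198.51.100.1        # assumed upstream gateway
                set device "wan1"
            next
            edit 2
                # Return traffic for the pool block (and the RPF check on
                # npu0_vlink1) both depend on this route.
                set dst 203.0.113.0 255.255.255.240
                set gateway 10.255.0.1
                set device "npu0_vlink1"
            next
        end
        config firewall policy
            edit 10
                set name "vlink-to-wan"
                set srcintf "npu0_vlink1"
                set dstintf "wan1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set nat disable                 # no second SNAT; source is already public
            next
        end
    next
end
```

Two checks worth doing with this layout. First, `get router info routing-table all` in the External VDOM must show 203.0.113.0/28 via npu0_vlink1; without that route the reverse-path check drops packets that arrive on the link with a public source address, and return traffic from wan1 has no path back to the Internal VDOM. Second, the pool block has to be one the upstream routes to wan1's address (a routed block) rather than part of wan1's own connected subnet: the IP pool, and the ARP replies for it, belong to the Internal VDOM, so the External VDOM will not answer ARP for those addresses on wan1. `diagnose sniffer packet npu0_vlink1 'host 203.0.113.10' 4` in the External VDOM shows whether NATed traffic is actually crossing the link in both directions.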
