seth57
New Member
July 19, 2017
Question

Static routing on Virtual environment


Hello

 

I have a dedicated server hosted in the cloud.

This server runs ESXi.

The primary address is assigned to the ESXi server, but I have a secondary IP.

I would like to protect my VMs with a FGT (I know that my ESXi server will be in front of the internet, but I will try to harden it).

Some tutorials explain how to use a pfSense in this configuration, and I tried to reproduce it with a FGT.

The secondary IP and its MAC address are assigned to the FGT wan port.

The problems start here:

The secondary IP and the primary are not in the same subnet.

I set up a static route on the FGT for the primary IP/32 -> ping OK

I set up a static route on the FGT for the primary IP's default gateway -> ping OK

 

So I set up a default route with the same gateway as the primary IP, but the route never goes up.

If I start a diag sniffer packet on the wan port, I can see some requests from outside reaching the port, but the FortiGate does not respond.

With a diag debug flow filter -> reverse path error

Is there a way to activate the route?

Thanks in advance