I am doing more or less exactly this in production right now. In order to maximize the control, I chose not to use a virtual WAN interface:
Two ISPs, two default routes, same distance but lower prio on one of them. This means traffic will leave out on the first route; all traffic that you want to go out on the 2nd ISP you need to policy route out. No automatic load balancing. You still need the default route there, otherwise it won't work properly, incoming connections to that ISP will be impossible etc. Remember that when you do policy routing to the internet, it is important to specify the traffic you DON'T want to policy route. You will need three "stop policy routing"-rules excluding all internal networks (RFC 1918, i.e. 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8) for every network you want to policy route out to the internet, otherwise all your internal traffic will be blocked.
If you just use addresses from 10.0.0.0/8 internally, just stop policy routing that then. If you don't do this, you will block your internal traffic, and you don't want that; you just want to send traffic destined for the internet out the other ISP.
You don't need to specify the gateway address in the policy rule doing the actual policy routing; in fact, it is a bad idea to have anything else than 0.0.0.0 there. You can't set a gateway here if you want to be able to failover between the ISPs.
I use link-monitors with the setting "update static route" enabled, so that the monitor removes the default route if the connection fails. Make sure the polling settings are sane: poll every 3-5 seconds, allow 3 failures before failover, or something like that. You don't want link flaps, and an automatic failover time around 10 seconds is sufficient for most scenarios. Remember that the traffic that has failed over to the other ISP will continue to use that path even after the ISP is back up, that is, until the sessions have timed out. The users will gradually fail back to ISP1. This is by design.
The ISPs are in separate Zones, so I run dual rulesets in order to make a failover possible. This is also in order to maximize control. Every policy that you create for traffic destined for either ISP1 or ISP2 will need a mirror rule pointing to the other ISP if you want failover.
Also remember that you can use ISP2 for incoming connections in any way you want to with this setup. The policy routing only affects outgoing connections.
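The rule ordering described in the post above can be checked mechanically. The following is an added example, not part of the original post and not a vendor configuration format: a first-match model of policy-route evaluation plus an audit that flags forwarding rules lacking earlier stop rules for internal ranges. The rule layout, the `isp2` interface name and the `10.20.0.0/24` source network are assumptions constructed for illustration.

```python
import ipaddress

# The three RFC 1918 ranges named in the post.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule(src, dst, action, out_if=None):
    """Hypothetical rule model: action is 'stop' (stop policy routing and
    fall back to the routing table) or 'forward' (send out out_if)."""
    return {"src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "action": action, "out_if": out_if}

def evaluate(rules, src, dst):
    """First-match evaluation. Returns the forced egress interface, or None
    when the packet is left to the normal routing table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"]:
            return r["out_if"] if r["action"] == "forward" else None
    return None

def uncovered_internal(rules, internal=RFC1918):
    """For every forward rule, report internal destination ranges that no
    earlier stop rule (covering the same source) excludes."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "forward":
            continue
        for net in internal:
            if not net.overlaps(r["dst"]):
                continue
            covered = any(p["action"] == "stop"
                          and r["src"].subnet_of(p["src"])
                          and net.subnet_of(p["dst"])
                          for p in rules[:i])
            if not covered:
                findings.append((i, str(r["src"]), str(net)))
    return findings

GUEST = "10.20.0.0/24"  # constructed source network to send out ISP2
# Without stop rules, internal destinations also match and head for ISP2.
BAD = [rule(GUEST, "0.0.0.0/0", "forward", "isp2")]
# Three stop rules ahead of the forward rule, as the post recommends.
GOOD = [rule(GUEST, str(n), "stop") for n in RFC1918] + BAD

if __name__ == "__main__":
    for name, rs in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, uncovered_internal(rs))
```

Pass `internal=` with only the ranges actually in use to model the single-stop-rule case for a 10.0.0.0/8-only network.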