I imagine that you should use vdoms, vdom1 includes wan1+port1, vdom2 includes wan2+port7. And then in vdom2 you make an additional routing with higher distance number that 0.0.0.0/0 goes out through vdom1. This may require inter-vdom links (as certain interfaces). I don't know about 60D if that model has this possibility. For the second point, it is simpler to keep both open and working, otherwise you should manually activate the services on wan1. Just these general notes to try, I haven't made this specific setup by myself though. Probably I miss something regarding DDNS specific or its requirements or setup.

I am unfamiliar with DDNS but I don't think you need VDOMs to do this.  However, I believe the VPN will need to be accessible via either WAN all the time if you want it to work.  The rest should be possible via policy routing and multiple static routes with different metrics like echo mentioned.

hi.

what is VDOMs? sorry for silly questions.

I search on internet, if I want to configure load balancing, then first I need to delete all policy, static route related to those WAN connections. is this correct?

I recommend reading the manual about VDOMs.  Here are a couple links to get you started:

https://cookbook.fortinet.com/vdom-configuration/

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-virtual-domains-54/1-VDOM-overview/1...

Load balancing is a new topic.  Do you want to load balance (i.e. balance all traffic between the WANs all the time) or do you want to do what you first described in your post (make sure certain traffic goes one way while other traffic goes another and fail over only if one is down)?

I think the VDOMs are necessary, if the failover has to be only one way as the initial requirement was. But if the same can be realised with policy based routes... Maybe. Would be simpler.