WireGuard WAN but no LAN access

Yeah of course

10.20.20.2 - reverse proxy, early days it used HTTP validation for a domain so had to go out the same IP it came in on, now uses DNS validation so probably isn’t needed to ‘originate’ traffic anymore
10.20.20.9 - Plex, only have that so the Plex server knows what its external IP is - else the server will try to use WAN2’s IP and then use their relay. Now thinking about it, the srcnat should actually do the same job
10.20.20.31 - smokeping server, I have one on WAN1 and one on WAN2, testing pings to different locations from both WANs - ICMP and curls

I will remove the .2 & .9 from the routing list

Apart from that though, do you see any reason why the tagged traffic still appears to go out WAN2?