Routing issue with basic failover

SonicAdmin80

I've seen a couple of times a situation where NSv firewall starts routing traffic out the wrong WAN interface. LB status for the main interface is 'available' and both targets are alive. It's also set to use basic failover only.

What might cause a routing error like this? Should I transfer the secondary interface to "final back-up" section even when there are only two interfaces?

Removing and re-adding the interface to the LB group fixes the issue and then it can take months for it to show up again. It also doesn't seem to resolve by itself as it can be hours or even a day before it's manually fixed. We notice it when users try to scan to email and it doesn't work through the backup WAN that has port 25 blocked.