Outbound rules for One-to-One on second WAN

[irgendwr]

How can I configure OPNsense to send outbound traffic from a LAN addr (10.10.10.4/32) over a specific interface (WAN2)?
This sounds like a simple problem but I can't seem to solve it nor find any advice.

My goal: Adding a second public IP and "assigning" it to a VM w/ 1:1 NAT.
The second IP uses the same gateway as the one from the WAN interface but it requires a different MAC-address. That's why I created a second interface (WAN2).

What I tried:
I added a One-to-One Rule (BINAT): Interface=WAN2, External IP=..., Internal IP=10.10.10.4;
switched Outbound to "Hybrid outbound NAT rule generation" and added the outbound rule:
Interface=WAN2, Source=10.10.10.4/32, NAT Address=WAN2 address.
(screenshots: https://i.imgur.com/EHvOC0h.png, https://i.imgur.com/DwpSmlA.png)

My issue:
This did not work as expected because incoming requests over WAN2 where answered over WAN with the wrong IP address and outgoing requests from 10.10.10.4 would also go via WAN instead of WAN2.

I tried setting it to LAN which also didn't work and then I tried WAN and that at least changed something but not how I wanted it to: now it's sending out the traffic over the WAN interface but with the WAN2 IP which doesn't work due to MAC-address validation.