In your LAN rules, you should write that Source alias1 can go to Dest "any" via Gateway1.A 2nd rule states that Source alias2 can go to Dest "any" via Gateway2.If you cannot specify your list of servers as an alias, you could try to add a Block rule that prevents your "private" alias going into the public gateway.