Failover between WAN (Layer2) and PepVPN

We are moving our servers out of our office into a datacenter. We planned to have a 500MB Layer2 connection between our office and the datacenter. Both locations will however also have a Balance 710 and internet connectivity (100MB fibre). I am now looking at the best way to configure the connection.

As we want to create subnets for both locations to avoid multicast and broadcast traffic to the datacenter, we will use the Balance to route traffic primarily over the L2 link. The easiest is probably connecting the L2 cable to a WAN port of the Balance. What I was thinking is whether it would be possible to use a PepVPN tunnel over the internet connection as failover.

I have been looking into the configuration and was not able to find a way to use a WAN port for outgoing traffic and switch to PepVPN using another WAN port in case that first link fails. From what I was able to find, it would only work when I add both WAN ports to the PepVPN profile. This, however, results in using a PepVPN tunnel over the L2 link. Looking at the specs of our Balance, the max. throughput of PepVPN is lower than the speed of the L2 link. So that’s not the preferred way to go. Does anyone have a better idea to use the capacity and equipment as well as possible?