Your ISP-2 VR configuration needs tweaking.
1. You have not configured the second route recommended by Bob:
set route 0.0.0.0/0 vr trust-vr preference 30 >>>>> Add this in ISP-2 VR for the traffic to be pushed through ISP-1 when ISP-2 is down
2. Remove the 'permanent' flag from the default route and tweak the preference as below:
set route 0.0.0.0/0 interface ethernet3/2 gateway 90.145.137.97 preference 20
set route 0.0.0.0/0 vr trust-vr preference 30
How does it work?
The firewall will probe 90.145.137.97 continuosly with ICMP. When there is no response, e3/2 will be DOWN logically. So, the route with preference 20 will also go down. The route with preference 30 will become active and send all traffic to Trust-VR (ISP-1).
One recommendation: It may not be a good idea to track the ISP gateway for route failover. Because, most of the times when ISP backbone is down, the gateway will still be up and answering to probes from firewall. It would be a good idea to track something on the internet, like 4.2.2.2, 8.8.8.8 or a public server.