/ip address
add address=192.168.4.60/24 disabled=no interface=outside1
add address=192.168.7.60/24 disabled=no interface=outside2
add address=192.168.2.1/24 disabled=no interface=hotspot

/ip firewall address-list
add address=192.168.2.0/24 disabled=no list=Local_NAT_Networks

/ip firewall mangle
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=192.168.4.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=192.168.7.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.4 routing-mark=to_outside1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.7.7 routing-mark=to_outside2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=192.168.4.4 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.7.7 scope=30 target-scope=10

/ip route
add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping
add distance=2 gateway=Host2 routing-mark=ISP1 check-gateway=ping

/ip route
add distance=1 gateway=Host2 routing-mark=ISP2 check-gateway=ping
add distance=2 gateway=Host1 routing-mark=ISP2 check-gateway=ping

/ip route
add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping
add distance=2 gateway=Host2 routing-mark=ISP1 check-gateway=ping

/ip route
add distance=2 gateway=Host2 routing-mark=ISP2 check-gateway=ping
add distance=1 gateway=Host1 routing-mark=ISP2 check-gateway=ping

/ip firewall nat
add chain=pre-hotspot action=accept dst-address-type=!local hotspot=auth