ok, solved.
funny enough there was a syntax error in the original firewall config / routing section that only the cli validation found, the Jweb check did not complain when committing.... this error did do nothing except when i tried to add the new gateway. fixed this error first, then adding the new gateway and routing did work.
can be closed.