Hi,
can suggest 2 ideas
1) routing-instance of type virtual-router on FW1, please refer https://forums.juniper.net/t5/Day-One-Books/Day-One-Juniper-Ambassadors-Cookbook-for-Enterprise/ba-p/198733 p108, the idea is to get replies routed back to the FW2 in case you use ISP2 for access to the web-server, you would need to merge it with existing VPN config
2) not tested, but you can try to add additional NAT on FW2 to nat/pat everything coming from ISP2 going to the web-server, this should be accesible through VPN from FW1, web-serve will be seeing requests from this new source ip, you can track actual source ips from FW2 session table