Functional Fail-back on a USG/USG-Pro-4

How to Enable Functional Fail-back on a USG/USG-Pro-4 #

PROMPT: You notice issues with your USG/USG-Pro-4 stuck on WAN2 after a failover event from WAN1.

Resources: #

Reddit Thread on Topic
UI help article on Advanced Gateway Config
^^ Looks like Ubiquiti removed this article lol. Here is a link to the site from the internet archive. Or here is a PDF of webpage downloaded from the internet archive.

Prerequisites: #

  • You have set up both WAN1 and WAN2 on the USG/USG-Pro-4 and have configured Load balancing to be set to Failover mode.
  • Access:
    • You have a VPN set up to the site.
    • You are currently at the site.
    • You are connected into a PC which is on the site.

Steps: #

  1. Login to the UniFi Network Application and use the site switcher at the top left to switch to the active site.
  2. Go to Settings at the bottom of the left sidebar (gear icon), then System, then Advanced.
  3. Scroll Down to ‘Device Authentication’ and make note of the username and password.
    • If this is blank, then enable ‘Device SSH Authentication’ and type in a secure username and password. Apply Changes.
  4. Depending on your form of access, open up PowerShell/bash on your computer, or the computer that is currently on the site.
  5. Type ssh username@IP-of-USG/USG-Pro-4 then type in the password.
    • If prompted about storing a fingerprint, just type yes.
  6. Now that you are in, type the following commands exactly in this order:
    1. configure
    2. set load-balance group wan_failover flush-on-active enable
    3. commit
    4. save
    5. exit
  7. Close out of PowerShell
  8. RDS/SSH/SCP onto your UniFi Network Application host.
  9. Once connected, navigate to the Network Application base location, then go to \data\sites.
    • On Windows the base location is C:\Users\user-who-installed-net-app\Ubiquiti UniFi
  10. Back on the Network Application web interface, make sure you are in the affected site.
  11. In the URL, you should see https://ip-address:8443/manage/random-string. Make note of the random string.
  12. Back in the sites folder, navigate inside the folder named the random string. Place the following file into that folder.
    • Insert config.gateway.json file
  13. You are all set, at some point restart the USG/USG-Pro-4 and then test to verify that fail-back now works.