New Member
Posts: 2
Registered: ‎01-27-2017

Policy Based Routing on USG - problem with .json file

Hello everyone,

I have a problem with my USG and policy-based routing.

I want to route one of my networks over WAN2 to a second internet provider.

I found this manual: https://help.ubnt.com/hc/en-us/articles/360005460813-UniFi-USG-Advanced-Policy-Based-Routing-

It works for a few minutes, then UniFi changes something.

So I found out that I have to create the config.gateway.json file, but I don't know how to create it. When I have finished configuring the USG I run "mca-ctrl -t dump-cfg", but I don't receive the text.

What do I have to do?

Emerging Member
Posts: 40
Registered: ‎07-18-2018
Kudos: 11
Solutions: 2

Re: Policy Based Routing on USG - problem with .json file

Look at part of my config.gateway.json which I use to pass the traffic from guest networks via my WAN2 interface:

 

{
  "firewall":{
    "modify":{
      "LOAD_BALANCE":{
        "description":"LOAD_BALANCE",
        "rule":{
          "2500":{
            "action":"modify",
            "modify":{
              "table":"10"
            },
            "protocol":"all",
            "source":{
              "address":"10.0.0.0/12"
            }
          }
        }
      }
    }
  },
  "protocols":{
    "static":{
      "table":{
        "10":{
          "route":{
            "0.0.0.0/0":{
              "next-hop":{
                "11.11.11.11":"''"
              }
            }
          }
        }
      }
    }
  }
}

In the next-hop there is an address, 11.11.11.11, which you should change to your WAN2 gateway.

The example shown on the ubnt page with table 1 is wrong. Table 1 modifies the main routing table, which changes the default gateway for WAN (which results in a provisioning loop), and that's why you should use table 10, as in my example.

******************EDIT******************

Finally I was able to convince Tech-Support that the above statement is correct. Now you can see the corrected version of the article here:

https://help.ubnt.com/hc/en-us/articles/360005460813
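
Added example, not part of the original posts and not Ubiquiti code: a small pre-provisioning check for a config.gateway.json that confirms every "modify" rule points at a static table with a default-route next-hop, and flags the two pitfalls named in the post above (table 1, and the 11.11.11.11 placeholder left in place). It assumes "protocols" sits at the top level beside "firewall", as in the EdgeOS configuration tree; the function names and the 192.0.2.1 sample gateway are constructed for illustration.

```python
import ipaddress
import json

PLACEHOLDER_NEXT_HOP = "11.11.11.11"  # placeholder address used in the post


def lint_pbr(config_text):
    """Return a list of problems found in a config.gateway.json string."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    problems = []
    # Assumption: static tables live under top-level protocols.static.table
    tables = cfg.get("protocols", {}).get("static", {}).get("table", {})
    for set_name, ruleset in cfg.get("firewall", {}).get("modify", {}).items():
        for num, rule in ruleset.get("rule", {}).items():
            where = f"{set_name} rule {num}"
            table = rule.get("modify", {}).get("table")
            if table is None:
                continue  # rule does not select a routing table
            if str(table) == "1":
                problems.append(f"{where}: table 1 (post reports a provisioning loop)")
            hops = (tables.get(str(table), {}).get("route", {})
                    .get("0.0.0.0/0", {}).get("next-hop", {}))
            if not hops:
                problems.append(f"{where}: table {table} has no 0.0.0.0/0 next-hop")
            for hop in hops:
                try:
                    ipaddress.ip_address(hop)
                except ValueError:
                    problems.append(f"{where}: next-hop {hop!r} is not an IP address")
                if hop == PLACEHOLDER_NEXT_HOP:
                    problems.append(f"{where}: next-hop is still the placeholder")
    return problems


def sample(table, next_hop, nested=False):
    """Build a constructed test config (not taken from a real device)."""
    static = {"static": {"table": {table: {"route": {
        "0.0.0.0/0": {"next-hop": {next_hop: "''"}}}}}}}
    fw = {"modify": {"LOAD_BALANCE": {"rule": {"2500": {
        "action": "modify", "modify": {"table": table},
        "protocol": "all", "source": {"address": "10.0.0.0/12"}}}}}}
    if nested:  # "protocols" misplaced inside "firewall"
        fw["protocols"] = static
        return json.dumps({"firewall": fw})
    return json.dumps({"firewall": fw, "protocols": static})


if __name__ == "__main__":
    for text in (sample("10", "192.0.2.1"), sample("1", PLACEHOLDER_NEXT_HOP)):
        print(lint_pbr(text) or "ok")
```
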

New Member
Posts: 7
Registered: ‎01-12-2017

Re: Policy Based Routing on USG - problem with .json file

This info is helpful to me as well, thanks. I do have one question for you. In your example you're passing all traffic sourced from the guest networks out WAN2. I'd like to do the same, but only if the traffic was destined for the internet. What is the syntax to say basically "destination: (anything but)10.0.0.0/8"?

Emerging Member
Posts: 40
Registered: ‎07-18-2018
Kudos: 11
Solutions: 2

Re: Policy Based Routing on USG - problem with .json file

It generally works that way. If your local LAN traffic goes outside via WAN, it's NATed/masqueraded into a public IP, as opposed to the local LAN traffic, which isn't NATed (usually). There is no negative rule in this case, so you should consider correct network addressing and put your desired network traffic via another WAN interface. Of course, corresponding firewall rules could be required. My corporate network 182.168.1.1/24 goes outside through WAN1 (default configuration) and 2 guest networks (10.10.0.0/16 and 10.11.0.0/16) through WAN2, which requires this extra configuration in the json file.

P.S. I knew I could configure 10.8.0.0/13 to narrow down my sourced networks but it's not a problem here.

New Member
Posts: 7
Registered: ‎01-12-2017

Re: Policy Based Routing on USG - problem with .json file

Yep, that all makes sense. Issue for me is that I'm load balancing my wan1 and wan2 connections. So I can't be guaranteed that outbound traffic will take any specific port. Looking at your examples I think I can see how to do what I want to do, I just am not familiar enough with the syntax to indicate a source that ISN'T local. With lots of programming languages or logic comparators you'd just say "!10.0.0.0/8", or something like that. What's the equivalent here?

New Member
Posts: 2
Registered: ‎01-27-2017

Re: Policy Based Routing on USG - problem with .json file

Thank you very much for your help. I will try this soon :)