Reply
Emerging Member
Posts: 55
Registered: ‎11-29-2016
Kudos: 6
Solutions: 2

USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

Hi all, 

 

Kind of an odd issue that I'm trying to tackle. My home USG claims that it cannot connect to the internet when I visit its local IP. My latency/throughput are orange on the Unifi controller and I cannot run a speedtest. 

 

That being said, the controller is in the cloud, and the USG has been most definitely talking to the internet just fine the whole time. I believe this issue started when I set a VLAN for my WAN port (as is required by my ISP). 

 

Has anyone encountered this, or does anyone have any suggestions as to what I can try to make everything happy again? 

Emerging Member
Posts: 55
Registered: ‎11-29-2016
Kudos: 6
Solutions: 2

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

[ Edited ]

Attached a screenshot to clarify. 

Screenshot 2017-01-03 19.31.01.png
Emerging Member
Posts: 55
Registered: ‎11-29-2016
Kudos: 6
Solutions: 2

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

Oddly enough, I cannot send pings out to the internet from the USG either. I can send them out from the WAP plugged directly into its LAN port, though Confused5

New Member
Posts: 3
Registered: ‎02-20-2017
Kudos: 3

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

Are you dropping ICMP?  That's the cause of this for me.

Emerging Member
Posts: 65
Registered: ‎07-02-2015
Kudos: 9

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

Dropping ICMP where?  I have the exact same thing with USG-3.

Ubiquiti Employee
Posts: 5,066
Registered: ‎08-08-2016
Kudos: 5502
Solutions: 351

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

Dropping it on WAN OUT rules would cause that. The default rules won't do that, but it is possible to configure rules on WAN OUT that would do so. 

Regular Member
Posts: 330
Registered: ‎02-08-2017
Kudos: 84
Solutions: 10

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

[ Edited ]

I had almost the same problem some days ago, only my cirkels were red and i could ping and acces the internet, without any problems. 

 

In my case the USG was stuck in provissioning mode after an update of DNS settings.

Since i could access internet and ping, a solution was presented in this post:

https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-4-stuck-in-provisioning-mode-after-update-...

 

I chose only to restore the controller SW from a previous backup, before i would create a new site.

 

Maybe worth a try before you change a lot, if not then just ignore =)

 

/Otto

Every journey starts with a small step....
------------------------------------------------------------------------------------
Fiber -> USG 4 Pro (4.4.37dev) -> USW 16 Poe 150w (4.0.24) -> UAP AC PRO + Mesh (4.0.24)
CK (0.13.2/5.10.19)
New Member
Posts: 3
Registered: ‎02-20-2017
Kudos: 3

Re: USG claims it cannot talk to the intenret / throughput and latency are orange in the controller

Yep - I have a drop ICMP rule on WAN local, before the default rules.

It would be good to change the detection of what USG thinks "offline" is - HTTP probe w/ state maybe.
Emerging Member
Posts: 97
Registered: ‎02-04-2016
Kudos: 13
Solutions: 3

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

I had a similar problem a week or so ago when I updated to the beta from the stable.

 

I couldn't get out.  The display went orange.

 

I have some IP addresses of various places and could ping by IP but not DNS

 

I tried going back to stable but it was the same.

 

As I haven't had time to learn the cli yet, after a hour or so, I pulled the USG out and reset my pfsense.  I then defaulted the USG.

 

In the end, I had a hint on another thread from CMB aka Chris saying that in some cases, if you have the USG set to user = root, it can cause issues with configuring.

 

Change the user under site-device authentication to anything else besides root would be worth a try.

 

YMMV.

 

PS> I ma now back on Beta.

 

UniFi Security Gateway 3P
2 x UniFi Switch 24 POE-250W
UniFi AP-LR, UniFi AP-AC-LR
Ubiquiti Cloud Key
Ubiquiti Edgerouter X SFP
Ubiquiti Employee
Posts: 5,066
Registered: ‎08-08-2016
Kudos: 5502
Solutions: 351

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller


@sun-sense wrote:

In the end, I had a hint on another thread from CMB aka Chris saying that in some cases, if you have the USG set to user = root, it can cause issues with configuring.

 

Change the user under site-device authentication to anything else besides root would be worth a try.


It just doesn't set the user password for root on EdgeOS in that case, so you can't SSH into USG. It has no functional impact on USG outside of that. 

Emerging Member
Posts: 97
Registered: ‎02-04-2016
Kudos: 13
Solutions: 3

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

Then you have another vague and random issue to add to your list to locate and solve with the USG.

 

As I also had the issue like the op in that latency and throughputs turned Orange and I couldn't ping the internt by domain name, only by IP address.

 

I went back to stable and it was the same.

 

In the end I pulled the USG and reset it and started over.

UniFi Security Gateway 3P
2 x UniFi Switch 24 POE-250W
UniFi AP-LR, UniFi AP-AC-LR
Ubiquiti Cloud Key
Ubiquiti Edgerouter X SFP
New Member
Posts: 37
Registered: ‎07-01-2016
Kudos: 4

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

Same issue here only happens since i put in firewall rule to drop icmp in local wan 

Regular Member
Posts: 330
Registered: ‎02-08-2017
Kudos: 84
Solutions: 10

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller


@mylesm wrote:

Same issue here only happens since i put in firewall rule to drop icmp in local wan 


I experienced exactly the same as you described. Deleted the rule again and after a reboot it went back to black circles. Strange behavior.... 

Every journey starts with a small step....
------------------------------------------------------------------------------------
Fiber -> USG 4 Pro (4.4.37dev) -> USW 16 Poe 150w (4.0.24) -> UAP AC PRO + Mesh (4.0.24)
CK (0.13.2/5.10.19)
New Member
Posts: 37
Registered: ‎07-01-2016
Kudos: 4

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

Yes it seems ICMP is required for it to believe it is connected to internet everything works but

I see Controller Version 5.5.xx when it is released will drop icmp echo as default so hopefully this will solve the issue with dashboard circles
Regular Member
Posts: 461
Registered: ‎07-22-2016
Kudos: 195
Solutions: 28

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

If you want to drop the ICMP but NOT have the dials be orange, you have to create a config.properties file and add the below command to it. That will drop the ICMP and keep the dials active.

 

config.firewall.internet.local.icmp=false

Emerging Member
Posts: 97
Registered: ‎02-04-2016
Kudos: 13
Solutions: 3

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

 

I just want to make it clear.

 

I didn't change any settings.

 

It was a straight beta upgrade that caused my issue.

 

I could ping the internet by IP, but NOT by domain name.

 

 YMMV...because quirks can happen at any time.

UniFi Security Gateway 3P
2 x UniFi Switch 24 POE-250W
UniFi AP-LR, UniFi AP-AC-LR
Ubiquiti Cloud Key
Ubiquiti Edgerouter X SFP
New Member
Posts: 37
Registered: ‎07-01-2016
Kudos: 4

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

"If you want to drop the ICMP but NOT have the dials be orange, you have to create a config.properties file and add the below command to it. That will drop the ICMP and keep the dials active.

 

config.firewall.internet.local.icmp=false"

 

 

Thanks For that but I am a newbie to Unifi so I have no idea how to do that Hopefully it can be done from Controller GUI soon

Regular Member
Posts: 461
Registered: ‎07-22-2016
Kudos: 195
Solutions: 28

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

@mylesm wrote:

"If you want to drop the ICMP but NOT have the dials be orange, you have to create a config.properties file and add the below command to it. That will drop the ICMP and keep the dials active.

 

config.firewall.internet.local.icmp=false"

 

 

Thanks For that but I am a newbie to Unifi so I have no idea how to do that Hopefully it can be done from Controller GUI soon


Just extract the file I attached to this post to your site folder.  For example, my site folder is in data/site/default so it would go in the default folder. Then just force a provision on the USG (ex Change a setting).

Attachment
New Member
Posts: 37
Registered: ‎07-01-2016
Kudos: 4

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

[ Edited ]

Thanks For That Where is data/site/default located is it in unifi program folder oh found it

New Member
Posts: 37
Registered: ‎07-01-2016
Kudos: 4

Re: USG claims it cannot talk to the internet / throughput and latency are orange in the controller

Its ok I found the default folder and done as you said extracted file to it and it works great will that be lost if i upgrade firmware etc

Thanks Again all the Dashboard Dials are Black and Shields up shows true Stealth

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."



Reply