Blocking traffic over USG failover

I have searched and tried about ever firewall setting and route table change and PBR scenario I can type in the CLI and yet cant seem to block select VLANS / Address ranges or network-guest groups from traversing the WAN failover LTE. I’m not sure its possible with this device? And yes I know its older USG but that is what the client has and was hoping to avoid a complete Network redo. Since both WAN interfaces are in the Wan_failover group, what ever firewall change or other setting just don’t seem to work once primary goes down. They do failover but I don’t need all traffic.

I am current on firmware. I have not created .json yet as I was just trying to test on router to make sure it worked before pushing config to CK.

Was hoping there are others that utilize this setup and have it working that could possible offer assistance.

Thanks
Wade.

Unifi offers this functionality when you use their own LTE modem, ULTE or ULTE-Pro. This means there is a way with the USG config, if you discover how. I don’t have any source to give you more info however.

Edit: I just realized they might be doing that on the ULTE itself, if they set the USG up to disable NAT on WAN2 and have the ULTE do NAT instead.

Thanks for the response but unfortunately I am not using their LTE. I am using Teltonika. I have static setup between WAN2 and LTE device so not sure NAT would be an issue. I have tried to look at this logically when applying firewall rules even using Unifi PBR guide but it just has not been successful. I appreciate the input.

To make myself more clear:
This functionality is enabled when a ULTE is present. The only way for the controller to set that up, assuming it isn’t being done on the ULTE side, is via the JSON generated for the USG. If you can find someone with both USG and ULTE, maybe you can learn what the working config is from looking at the config on their USG. Going to the Ubiquiti forums may help you find such a person.

Makes sense. There has to be devices using these configs somewhere. Just need to locate someone who may be able to share that info. I appreciate your input.