UniFi Gateway Shadow Mode: The Power of High Availability
2026-06-18


Imagine a busy hospital on a Monday morning. Doctors are accessing patient records, nurses are updating medical systems, and administrative staff are processing appointments. Hundreds of devices depend on the network every minute. Then, without warning, the primary gateway fails. Within seconds, internet connectivity is lost. Cloud applications become unreachable. Remote staff can no longer connect. Critical systems begin reporting network errors.

Although the network switches, access points, and servers are still running perfectly, users can no longer access the services they need because one device has failed. This is known as a single point of failure: a situation where the failure of one critical device can disrupt an entire network. For many organizations, even a few minutes of downtime can lead to lost productivity, interrupted services, frustrated customers, and financial losses. So how do businesses protect themselves from gateway failures? This is where UniFi Shadow Mode comes in.

What Is UniFi Shadow Mode?

UniFi Shadow Mode is a High Availability (HA) feature that allows two compatible UniFi gateways to operate as a team. One gateway acts as the Primary Gateway, actively handling network traffic. The second gateway acts as the Shadow Gateway, remaining on standby and continuously synchronized with the primary device.

The key word there is continuously. This isn't a nightly config backup or a sync that kicks off when you remember to trigger it. The Shadow gateway is always current. So when the Primary fails (when, not if), the Shadow doesn't need to catch up. It already has everything it needs to take over immediately.

How Shadow Mode Works

Shadow Mode works by keeping both gateways continuously synchronized so they behave like a single unified system rather than two independent devices. The Primary Gateway is responsible for all active network operations. It routes traffic, applies firewall rules, manages VPN connections, and keeps track of live sessions. At the same time, every change it makes is immediately shared with the Shadow Gateway.

This means the Shadow Gateway is always an exact reflection of the current network state. It does not just copy configuration once during setup; it continuously updates itself as changes happen in real time. Because of this, it is never outdated or “waiting to sync” during a failure event.

Behind this coordination is a combination of real-time state synchronization and failover logic. A key part of this is VRRP (Virtual Router Redundancy Protocol), which allows both devices to constantly negotiate and agree on which one should be active. Instead of both gateways trying to control the network, VRRP ensures there is always a clear leader and a ready standby, and it manages the transition when the leader becomes unavailable.

Under normal conditions, the Primary Gateway remains in control because it is actively processing traffic. The Shadow Gateway stays passive but fully aware of everything happening in the network. If the Primary Gateway fails or becomes unreachable, VRRP-based coordination detects the loss of availability and triggers a failover. Since the Shadow Gateway already has the latest configuration and network state, it immediately takes over routing and continues operating without needing reconfiguration. From the user’s perspective, this transition is designed to be as seamless as possible. Devices remain connected, and most sessions continue running. There may be a brief pause where traffic temporarily stalls, but the network quickly stabilizes as the Shadow Gateway assumes control.
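To make the "brief pause" concrete, the following added example (not from the original article and not Ubiquiti's code) parses a standard VRRPv3 advertisement and computes when a standby would take over using the timers defined in RFC 5798. The article does not state which VRRP version, priorities, or intervals UniFi uses, so the packet bytes, the priorities 200 and 100, and the 1-second interval are constructed assumptions.

```python
import struct
from dataclasses import dataclass

@dataclass
class Advert:
    vrid: int
    priority: int
    adver_int_cs: int  # master's advertisement interval, centiseconds
    addrs: list

def parse_vrrpv3(payload: bytes) -> Advert:
    """Parse a VRRPv3 advertisement with IPv4 addresses (RFC 5798, section 5.1).
    The checksum field is read but not verified here."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, rsvd_int, _cksum = struct.unpack("!BBBBHH", payload[:8])
    if vt >> 4 != 3 or vt & 0x0F != 1:
        raise ValueError("not a VRRPv3 advertisement")
    if len(payload) < 8 + 4 * count:
        raise ValueError("truncated address list")
    addrs = [".".join(map(str, payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return Advert(vrid, prio, rsvd_int & 0x0FFF, addrs)

def master_down_interval(own_priority: int, adver_int_cs: int) -> float:
    """Seconds of silence a backup tolerates before taking over (RFC 5798, 6.1)."""
    skew_cs = (256 - own_priority) * adver_int_cs / 256
    return (3 * adver_int_cs + skew_cs) / 100

def takeover_time(arrivals, own_priority, adver_int_cs):
    """Time (s) at which the backup becomes master, given the arrival times of
    the master's advertisements. Each arrival restarts the master-down timer."""
    mdi = master_down_interval(own_priority, adver_int_cs)
    for prev, nxt in zip(arrivals, arrivals[1:]):
        if nxt > prev + mdi:      # gap longer than the timer: backup already took over
            return prev + mdi
    return arrivals[-1] + mdi     # no further advertisements after the last one

# Constructed sample: VRID 1, priority 200, 1 s interval, virtual IP 192.168.1.1
# (checksum left as zero; values are illustrative, not UniFi defaults).
SAMPLE = bytes.fromhex("3101c80100640000c0a80101")

if __name__ == "__main__":
    adv = parse_vrrpv3(SAMPLE)
    print(adv)
    # Standby with assumed priority 100 last hears the primary at t = 2.0 s.
    print(takeover_time([0.0, 1.0, 2.0], 100, adv.adver_int_cs))
```

With these assumed values the standby waits about 3.6 seconds after the last advertisement before taking over, which is the detection window behind the short stall users may notice.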

Types of Shadow Mode

Shadow Mode can be deployed in two ways depending on how much automation and resilience is required.

With manual failover, the Shadow gateway is fully synced but doesn't take over on its own. Someone must intervene: log in, assess the situation, redirect traffic, and bring the standby online. This approach still provides redundancy but depends on human response, which can introduce downtime.

With automatic failover, both gateways are connected through a dedicated HA link and the handover happens without human involvement. The Shadow detects the Primary is gone, takes over, and the network continues. For most business environments (anything where downtime directly costs money or disrupts services), automatic failover is the right choice. The small additional setup effort pays for itself the first time a gateway dies outside business hours.

What you need before you start

Shadow Mode has a few requirements worth knowing upfront so you're not caught off guard mid-deployment:

Both devices must be compatible UniFi gateways and must be the same model to ensure identical hardware behaviour. Examples of these gateways include the UniFi Dream Machine Pro (UDM-Pro), UniFi Dream Machine Special Edition (UDM-SE), and UniFi Dream Machine Pro Max (UDM-Pro-Max). One is configured as the Primary Gateway, while the second must begin in a factory-default state so it can properly adopt the configuration.

The system must also run a supported version of UniFi OS depending on whether manual or automatic failover is being used. Administrative access is required for configuration and management. On the physical side, the two gateways must be connected using designated interconnect ports, and WAN and LAN connections must be mirrored so either device can handle the same network paths if needed.

How Setup Works

 

The setup process begins in the UniFi interface, where the administrator selects which device will act as the Primary Gateway and which will serve as the Shadow Gateway. Once this relationship is defined, the Shadow Gateway begins synchronizing with the primary, copying configuration, routing rules, and security policies. As synchronization continues, both devices are brought into alignment so that they behave identically from a configuration standpoint. This ensures that there is no mismatch between the active and standby systems.

Next, the physical connections are established. The gateways are linked using designated ports that allow high availability communication, and WAN and LAN cabling is mirrored so either device can take over network traffic if required. Once this is complete, the system operates as a single high-availability cluster. One gateway remains active, while the other continuously mirrors it in real time, ready to take over instantly if failure occurs.

Is Shadow Mode Worth the Investment?

One of the biggest concerns about Shadow Mode is the cost of purchasing a second gateway. Since the standby device spends most of its time waiting for a failure, it can be tempting to view it as an unnecessary expense. However, the real question is not the cost of the backup gateway, but the cost of downtime. For businesses that rely on internet connectivity, cloud services, VoIP, remote access, or online transactions, even a short outage can disrupt operations and impact productivity.

It's also important to understand that Shadow Mode protects against gateway failure, not every possible risk. For example, a major power surge from KPLC or UEDCL could potentially damage both gateways if they share the same power source and lack proper protection. This is why surge protection, UPS systems, and good infrastructure design remain important.

Ultimately, Shadow Mode is an investment in business continuity. The cost of a backup gateway is often far less than the cost of an unexpected network outage.

Final Thoughts

Shadow Mode is more than just a backup gateway; it is an investment in network resilience. By having a synchronized standby gateway ready to take over when needed, organizations can reduce the impact of unexpected hardware failures and keep critical services available. To get the most from a high-availability deployment, it's also important to protect the supporting infrastructure. Measures such as surge protection, UPS systems, and proper electrical design help ensure both gateways remain protected and ready to perform when required.

For businesses that depend on reliable connectivity, Shadow Mode provides an additional layer of confidence. Rather than reacting to outages after they occur, organizations can build resilience into the network from the start and maintain continuity when it matters most.
