UniFi Router Comparison: USG vs UDM vs UXG

Originally Posted: July 20th, 2020
Last Edited: April 2nd, 2022

UniFi Router Comparison: USG vs UDM vs UXG

Ubiquiti'due south line of routers, like their UniFi Dream Car or recently announced UniFi Dream Router, announced unproblematic until you dig below the surface. There are two generations and a few models to consider. There is also a completely split up line of products, EdgeRouter, which may be a meliorate option depending on your needs. UniFi routers are dissever from EdgeRouters, and the differences can get complicated.

UniFi networks are modular, and you lot are able to add and remove any parts as needed. Yous don't need a UniFi router to run a UniFi network. Going with a total UniFi stack has some benefits, only there are also some features which are non supported. The right solution depends on what kind of network you are trying to build, and what features you lot demand to reach that.

Recently, Ubiquiti changed some of their naming conventions. UniFi routers are now split into the older "security gateway" and the newer "UniFi OS Console" and "Routing Offload" categories. If you desire comparison charts of all UniFi routers, admission points, and switches, refer to my UniFi Comparison Charts and all of my other posts almost Ubiquiti. If you want to know more about the specific models of routers they sell, read on.

Table of Contents

UniFi Router Comparison Charts

All UniFi Routers, every bit of April 2022.

Security Gateways

  • UniFi Security Gateway (USG)
  • UniFi Security Gateway Pro (USG-Pro)
  • UniFi Security Gateway XG 8 (USG-XG-8) — Discontinued

UniFi Bone Consoles

  • UniFi Dream Router (UDR) — Early on Admission But
  • UniFi Dream Machine (UDM)
  • UniFi Dream Machine Pro (UDM-Pro)
  • UniFi Dream Machine SE (UDM-SE)
  • Deject Key Gen 2 (UCK-G2) — Not a router, only runs UniFi Network application
  • Cloud Key Gen 2 Plus (UCK-G2-Plus) — Not a router, runs all UniFi Bone applications

Routing Offload

  • UniFi Next-Generation Gateway Pro (UXG-Pro)

UniFi Security Gateway and UniFi Security Gateway Pro

USG Specs

Dimensions :
135 x 135 x 28.3 mm
(five.32 ten 5.32 x 1.11")
Weight : 366 g (12.9 oz)
Max. Power Consumption : 7W
Power Supply : 12VDC, 1A Ability Adapter (Included)
Networking Interfaces :
(1) RJ45 Serial Console PORT
(3) gigabit RJ45
Layer iii Forwarding Functioning :
64 Byte PACKETs: 1,000,000 pps
512 Bytes or Larger: 3 Gbps
Processor : Dual-Core 500 MHz, MIPS64
Organization Memory : 512 MB DDR2 RAM
On-Lath Flash Storage : ii GB

The classic USG and USG-Pro are the baseline options, which are crumbling. They're besides unlisted in the U.s. store, but still available via search, and other vendors.

USG

The USG is as cheap and simple equally it gets. The USG has iii Ethernet ports for data, with the 3rd being configurable equally a 2nd LAN or WAN port. It's a small, fanless, wall-mountable router with a dual-cadre, 500 MHz MIPS64 processor. Layer 3 forwarding performance is 1 1000000 packets per second with 64 Bytes packets, and line rate (3 Gbps) with 512 Bytes or larger packets. If you're comparing to the EdgeRouter line, the EdgeRouter Lite and the USG share a CPU, and accept very similar performance.

If all you need is a basic router, the USG gets the job done. It can route at one Gbps, only performance quickly suffers as you enable security features, peculiarly the Intrusion Detection System or Intrusion Prevention Arrangement (IDS/IPS). With those features enabled, the USG drops to effectually 85 Mbps of throughput.

USG Hardware Offloading

If you google for USG throughput problems, a lot of them refer to features that can't be offloaded, or hardware-accelerated. Hardware offloading is used to execute functions using hardware instead of software, which makes the general purpose CPU practise all the work. The benefit of offloading is increased speed and throughput, by not depending on the CPU for forwarding decisions. The problem is that not all features tin exist offloaded. This EdgeRouter help page explains this in more item.

A lot of networking gear, including the USG, has specialized fries that accelerate basic network processes like routing decisions. The USG can handle routing gigabit connections with hardware offload enabled. The USG and USG-Pro accept IPv4 forwarding, NAT, VLAN, GRE, PPPOE and limited IPSec offloading. Unfortunately, they lack QoS or IDS/IPS acceleration hardware. Hardware offloading must exist disabled to enable those features, which severely limits performance.

Typically, routers can speedily look at a packet header and make a routing determination based on that. Enabling QoS and IPS/IDS complicates that. IPS is computationally intensive because the router has to inspect the contents of every packet for arbitrary patterns, not just the packet headers. To practice this with hardware you demand an expensive proprietary ASIC. Ubiquiti's staff of life and butter is making the nearly with their software on article hardware, and selling information technology for a good price. If yous are looking for multi-gigabit firewall or VPN performance, there are other vendors for that.

With offloading turned off, the general purpose CPU in the USG has to do actress calculations, bringing operation down to around 300 Mbps. If you also turn on QoS, the routing becomes more complicated, and performance suffers further. When you turn on IPS/IDS, the USG has to inspect and process every packet, which brings throughput down to around 85 Mbps. Enabling these features will affect all processes on the USG, including inter-VLAN routing speed, unless you have a divide layer 3 switch. The USG doesn't take a built-in switching ASIC, but some EdgeRouter models practise.

You lot can confirm your offload settings in the UniFi controller under USG -> Config -> Advanced. For the best performance, you lot want to enable hardware offload, scheduler, and layer 2 blocking.

USG with Hardware Offload Off

  • Basic routing, including inter-VLAN, may perform below line charge per unit

  • Can utilise IDS/IPS

  • Tin utilise QoS/smart queues

  • Tin can use DPI (Starting in USG firmware version four.4.18 )

  • Can non apply GeoIP filtering

USG with Hardware Offload On

  • Able to perform basic routing functions at line charge per unit

  • Cannot use IDS/IPS

  • Cannot use QoS/Smart Queues

  • Can use DPI

  • Can utilize GeoIP filtering

The USG was released in 2014, and it'due south long overdue for an update. If you take Net service with more than than a couple hundred megabits of bandwidth, the USG requires choosing which features y'all tin live without. If yous want college speeds and you want to employ some of those not-offloaded features, you need a USG-Pro, UDM or a 3rd political party router. In that location is also a new model called the UXG-Pro in the early access shop, but there isn't a directly replacement for the USG.

USG-Pro Specs

Dimensions :
484 x 44 10 164 mm
(19.06 x 1.73 ten 6.46")
Weight : 2.three kg (5.07 lb)
Max. Power Consumption : 40W
Power Supply : Internal Ac/DC Power Adapter, 60W (24V, 2.5A)
Networking Interfaces :
(1) RJ45 Series Console
(2) gigabit RJ45 LAN
(2) Gigabit RJ45/SFP WAN
Layer 3 Forwarding Performance :
64 Byte PACKETs: two,400,000 pps
512 Bytes or Larger: 4 Gbps
Processor : Dual-Core one GHz, MIPS64 with Hardware Acceleration
System Retentiveness : two GB DDR3 RAM
On-Board Flash Storage : 4 GB

USG-Pro

If the USG is not enough or y'all adopt a rackmount model, the USG-Pro is available. The USG-Pro is as well due for an update.

About of the limitations of the USG also apply to the USG-Pro. The USG-Pro has more powerful hardware than the USG, but not by much. If yous're comparing to the EdgeRouter line, the EdgeRouter Pro (discontinued) and the USG-Pro share a CPU, and have like performance.

The USG-Pro raises IDS/IPS performance to 250 Mbps, and adds two SFP ports and a 2nd gigabit Ethernet WAN port. The WAN ports on the USG-Pro are either/or. You can use either RJ45 Ethernet or SFP, merely merely 2 total WAN ports at one time.

The USG and USG-Pro both support load balancing between two WAN connections.The secondary WAN on a USG or USG-Pro can be used for failover or weighted load balancing. Dual WAN setups tin exist a little catchy to setup and optimize. If you are looking to make a dual WAN network, I recommend you read this help commodity most policy-based routing. The new UniFi OS models like the UDM-Pro and UDM-SE only back up failover for dual-WAN setups, and so this is one area where the USG and USG-Pro has an advantage.

USG: Legacy Platform, with benefits

While the USG and USG-Pro are older, they have some features which have non shown up in the newer products. Multi-site management, weighted load balancing, multiple WAN IPs (this was added to the UXG with beta version 0.four.0), and virtually features which require manually editing the JSON config file on the USG, are not possible with the UDM or UDM-Pro. The UDM line runs on a new underlying operating system, and does not take the aforementioned JSON config file workaround that the USG has.

Hither's a expert example of how to configure an USG to route traffic over an OpenVPN tunnel. If this blazon of configuration is intimidating to yous, take a hard look at the officially supported features. You will be limited to the supported features unless you are willing to create custom, breakable configurations similar that. OpenVPN performance will not be smashing with the USG either, due to the limitations of the hardware.

Ubiquiti doesn't officially support editing the JSON configuration file editing on the USG, but that back door allows for features that Ubiquiti doesn't expose to the UI. It was never a good organisation. Those modifications were never guaranteed to piece of work, and ofttimes were removed or broken by firmware updates. The USG + split controller + JSON config files is the onetime style of managing a UniFi network. Unfortunately, there are situations and features where this is the better, or only option.

Earlier investing in this older equipment, verify that the USG or USG-Pro tin can do everything you need it to before purchasing. If they fit your network needs they are still OK to use, just they are budgeted cease of life.

UniFi Dream Car and UniFi Dream Machine Pro

UDM Specs

Dimensions :
110 X 110 x 184.2 mm
(4.33 X 4.33 ten vii.25")
Weight : 1.05 kg (2.32 lb)
Networking Interfaces :
(4) Gigabit RJ45 LAN
(1) Gigabit RJ45 WAN
IDS/IPS Throughput : 850 Mbps
Processor : Arm Cortex-A57 Quad-Core at one.7 GHz
Organization Memory : ii GB DDR4 RAM
On-Board Wink Storage : 16 GB
Max Power Consumption : 26W
Additional Features :
4-PORT SWITCH
born Network CONTROLLER
congenital-IN Access POINT
TX Power :
ii.4 GHz - 23 dBm
five GHz - 26 dBm
Antenna : (ane) Dual-Band, Quad-Polarity
Antenna Proceeds :
2.4 GHz - 3 dBi
5 GHz - 4.5 dBi
Wi-Fi Standards : 802.eleven a/b/thousand/due north/ac/ac-wave2
Wireless Security : WEP, WPA-PSK, WPA-Enterprise (WPA/WPA2, TKIP/AES), 802.11w/PMF

Another pick is the UniFi Dream Car (UDM) and UniFi Dream Machine Pro (UDM-Pro), which were released in 2019 and 2020. They are not straightforward replacements for the USG and USG-Pro, since they accept an integrated UniFi controller and some boosted hardware features, equally well as some new limitations. These devices tin't be adopted past an external UniFi Network controller such as a Cloud Key, cocky-hosted, or cloud-hosted version of the UniFi Network software.

  • The UDM is an all-in-one UniFi OS Console, router, switch, and wireless access point

    • Runs UniFi Network application and UID

  • The UDM-Pro is a rackmount UniFi OS Panel, router, switch, and single-bay NVR

    • Runs all UniFi applications — Network, Protect, Talk, LED, UID, and Access

At that place are some differences between UniFi OS Consoles and how traditional UniFi controllers work. There are besides some features possible on the USG line that aren't available for the UDM. Like most things with UniFi, the details get complicated.

UDM

The UniFi Dream Auto gives y'all everything y'all need for an UniFi network in one device. It looks similar a normal all-in-1 home router. In UniFi terms, information technology is a UniFi Os Panel, router, switch and access point.

It has the same modern ARM CPU equally the UDM-Pro, making information technology a capable security gateway for fast Internet connections. The managed gigabit switch lacks POE, but it lets you connect four devices or additional switches. The 4x4 802.11ac Moving ridge 2 wireless access bespeak is equivalent to a nanoHD — adept plenty to cover apartments or small-to-medium sized houses and businesses.

You lot tin can recall of the UDM as a UniFi starter kit. Integrating all the components in ane device has a lot of benefits, simply also some limitations. It complicates the upgrade path from a USG-based network, which required a Cloud Key or cocky-hosted solution. For more details, you can read my full review of the UDM.

UDM Complications: UniFi Bone, Built-in Controller, missing features

The UDM and UDM-Pro run a new operating system underneath, UniFi Bone. UniFi Bone is Ubiquiti's name for the software which run UniFi applications, such equally Network, Protect, Admission, LED, and Talk. The UDM only runs the Network controller and UID. Those additional applications crave a UDM-Pro or CloudKey Gen 2+ on the latest firmware.

The UDM and UniFi OS Consoles in general marked a big change in the UniFi line. Before, it was easy to run the UniFi Network awarding anywhere, and add whatever devices you wanted. With the UDM, you're forced to use the born Network application, meaning you can't add a UDM to a Cloud Key or self-hosted Network controller.

If yous need to manage multiple UDM's or access them remotely, you'll demand to setup a VPN or apply Ubiquiti's free cloud service (unifi.ui.com). Each UDM has their own instance of the UniFi Network application, with their own networks and settings. You cannot manage them as private sites within a single external controller, like yous can with a USG. A lot of managed service providers relied on this feature to deploy many customer sites within their self-hosted UniFi controller. That's not possible with a UDM, but information technology is however possible with UniFi switches and wireless access points.

Despite being a few years onetime, the UDM stil has some missing features. Some of those features listed may not touch you lot, but things like span mode, advanced dynamic routing, and a lot of IPv6 features are not there yet. With the USG, you lot are able to create a custom configurations to get around the limits, merely the UDM lacks the ability to manually edit the JSON config file. Go on these feature limits in listen when because purchasing a UDM.

UDM-Pro and UDM-SE

Another pick is the UDM-Pro, which was released in early on 2020. Information technology is a 1U rackmount appliance, made out of metal. It looks similar to the USG-Pro, with a few added features and faster performance. The UDM-SE was released in 2021. For $120 extra, the UDM Special Edition upgrades from one Gbps to two.v Gbps on it's RJ45 WAN port, adds a 128GB SSD, and PoE out.

UDM-Pro Specs

Dimensions :
442.4 10 43.seven 10 285.6 mm
(17.42 x ane.72 10 11.24")
Weight : iii.xc kg (8.60 lb)
Networking Interfaces :
(8) gigabit RJ45 LAN
(1) gigabit RJ45 WAN
(1) one/10G SFP+ LAN
(1) 1/10G SFP+ WAN
IDS/IPS throughput : 3.5 Gbps
Processor : Quad ARM Cortex-A57 Core at 1.7 GHz
Arrangement Retentivity : iv GB DDR4
On-Board Wink Storage : xvi GB
Max. Power Consumption : 33W
Additional Features :
bUILT-IN CONTROLLER
8-PORT SWITCH
UniFi Protect, tALK AND access
HDD bay
1.3" tOUCHSCREEN
Redundant Power

Forth with the upcoming UXG-Pro, these replace the USG-Pro as the loftier-end, rackmount router option in the UniFi line. The UDM-Pro and UDM-SE are full UniFi Bone Consoles, and they can run all of the UniFi applications:

  • UniFi Network, for managing UniFi admission points and switches

  • UniFi Protect for security cameras

  • UniFi Talk for VoIP phones

  • UniFi Access for access control and door locks

  • UID, which is a subscription cloud service for identity management. UID is still in Early Access.

For WAN interfaces, the UDM-Pro has a 10 Gbps SFP+ and a 1 Gbps RJ45 port. For LAN interfaces, the UDM-Pro has a x Gbps SFP+, and a eight-port gigabit RJ45 Ethernet switch. The 8-port switch shares a single 1 Gbps link to the rest of the network, pregnant information technology's all-time used for light duty tasks, such as smart home hubs or low-bandwidth devices.

The UDM-SE changes a few aspects of the UDM-Pro, upgrading to a 2.5 Gbps RJ45 WAN port. It besides adds PoE support to the 8-port switch, with ii 802.3at PoE+, and 6 802.3af PoE ports. The UDM-SE likewise has 128 GB of internal storage for UniFi Protect. The 8-port switches ane Gbps backplane limitation from the UDM-Pro is unchanged.

Both models likewise feature a 1.3" touchscreen on the front. The screen displays data about the network and the device. It allows you to view the current IP address, number of clients, current temperature and fan speed, uptime, and stats on the integrated applications like Protect and Talk. This feature was too added to the 2d generation UniFi switches. Another change is the addition of the proprietary ability port on the back, which lets yous attach a UniFi Smart Power RPS for redundant ability.

The other big hardware feature to note is the hard drive bay. The hard drive bay supports 3.5" and 2.v" drives to tape video on with UniFi Protect. If you are planning on adding a hard drive, brand sure to buy one that is supported. If you want more than details, you can read my original, slightly outdated review of the UDM-Pro.

UniFi Routers vs. EdgeRouters

UniFi and EdgeMAX devices sometimes share hardware, but they are dissimilar products, aimed at different uses, and are managed using different tools. Management of UniFi devices past EdgeMAX software or UISP is non possible.

EdgeRouters expose more networking features in their web interface, and can be configured through a command line. EdgeRouters are more than traditional networking equipment, where UniFi is "software divers" and managed by the UniFi Network application. Outside of a few setup wizards, the EdgeRouter and EdgeSwitch products don't hold your paw, and they expect you to be able to configure things manually.

Functionality that is not accessible through the UniFi controller may be bachelor on EdgeMAX products. EdgeRouters lack the tight integration and simplicity of the UniFi ecosystem, but they offer more support for common networking configurations. Willie Howe has a groovy video which goes over some of the finer differences.

In general, setting up a UniFi network is like hitting the Piece of cake Button. If you merely need to setup a basic network with some VLANs and bones security protections, UniFi makes that elementary. If you lot need features outside what UniFi offers, an EdgeRouter is going to be a better fit.

There is more than scope for inexperienced users to become in over their caput with the EdgeRouters, simply most network professionals adopt the flexibility. If reading this post made yous retrieve "They don't back up that!?" I would recommend you wait into EdgeRouters or another brand for routing. You tin can notwithstanding employ UniFi for switching and wireless if you want.

UDR and UXG-Pro

The UXG-Pro is an upcoming, more than directly replacement for the USG-Pro.

UniFi Dream Router (UDR)

The UniFi Dream Router is a new model recently added to the Early Access store. Information technology'due south essentially an upgraded UniFi Dream Automobile with Wi-Fi half dozen on 5 GHz, UniFi Protect back up, two PoE out ports, 128 GB of internal storage, an SD menu slot, and a crazy price tag.

UXG-Pro

The UXG-Pro was added to general access in March 2022 subsequently spending virtually 2 years in the Early Access store. It has two ten Gbps SFP+ ports, and two gigabit RJ45 ports. It has the same CPU as the UDM-Pro, just one-half the RAM. The biggest feature of the UXG-Pro is that it's not a UniFi OS Console. The UXG-Pro doesn't run any UniFi applications, making it a standalone router like a USG or USG-Pro. This means the UXG-Pro is able to be adopted by a self-hosted Network controller or Cloud Key.

Since Ubiquiti specified that the UXG-Pro is part of a "new product line", it's probable that a not-Pro version of the UXG is coming at some point, but so far nosotros have not seen it.

Boosted Reading

I have a lot of other posts where I hash out UniFi hardware:

Blog

Eero Pro 6E and Eero 6+ Review: Fast and Easy

My in-depth review of the eero vi+ and eero Pro 6E. They're very fast, and this review is very long.

Read More than →

eero Comparison Charts

Comparison charts for eero mesh Wi-Fi gateways and extenders, including the new eero 6+, eero Pro 6E, and the Ring Alarm Pro.

Read More →

TP-Link Omada In-Depth Overview

My in-depth overview of TP-Link Omada. This overview covers Omada controllers, routers, access points and switches, and compares Omada with Aruba'southward Instant On and Ubiquiti's UniFi.

Read More →

Where to Buy: Network Vendors and Resellers That Don't Suck

My list of the all-time network resellers and vendors to buy from. This listing mainly includes United states retailers. Sad international readers!

Read More →

TP-Link Omada Comparison Charts

All my charts for comparing TP-Links'south models of Omada Wireless Access Points, Routers, Switches, and Controllers.

Read More →

U6-Enterprise Preview: UniFi's First Wi-Fi 6E AP

A preview of the U6-Enterprise, Ubiquiti'southward first Wi-Fi 6E AP.

Read More →

UniFi's Advanced Wi-Fi Settings Explained

Explaining UniFi'due south advanced Wi-Fi Settings, what they mean, and how you should use them.

Read More than →

Q&A: Wi-Fi Edition

Answering some of the common questions I go well-nigh Wi-Fi, and mesh systems similar Eero, Linksys Velop, Aruba Instant On, and TP-Link Deco.

Read More →

Q&A: Ubiquiti Edition

Answering some of the common questions I get about Ubiquiti and UniFi.

Read More →