Ubiquiti Unifi Security Gateway (USG)
|Frequency Band Class||Single-Band|
|Data Transfer Rate||3 Gigabits Per Second|
|Number of Ports||4|
About this item
- Make sure this fits by entering your model number.
- 3 Gigabit Ethernet ports, CLI management for advanced users
- 1 million packets per second for 64-byte packets
- 3 Gbps total line rate for packets 512 bytes or larger
- Integrated and managed with UniFi Controller v4.x
- Secure off-site management and monitoring, Silent, fanless operation
Frequently bought together
Have a question?
Find answers in product info, Q&As, reviews
Your question might be answered by sellers, manufacturers, or customers who bought this product.
Please make sure that you are posting in the form of a question.
Please enter a question.
From the manufacturer
VPN Server for Secure Communications
A site-to-site VPN secures and encrypts private data communications traveling over the Internet.
Convenient VLAN Support
The UniFi Security Gateway can create virtual network segments for security and network traffic management.
Integration with UniFi Controller
The UniFi Controller software conducts device discovery, provisioning, and management of the UniFi Security Gateway and other UniFi devices through a single, centralized interface.
Ubiquiti Unifi Security Gateway (USG)
The UniFi Security Gateway extends the UniFi Enterprise System to provide cost-effective, reliable routing and advanced security for your network.
The Unifi Security Gateway extends the Unifi Enterprise System to provide cost-effective, reliable routing and advanced security for your network.
Integration with UniFi Controller: Bundled at no extra charge, the UniFi Controller software conducts device discovery, provisioning, and management of the UniFi Security Gateway and other UniFi devices through a single, centralized interface.
Powerful Firewall Performance: The UniFi Security Gateway offers advanced firewall policies to protect your network and its data.
Convenient VLAN Support: The UniFi Security Gateway can create virtual network segments for security and network traffic management.
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
There are layers of stupid going on here. With it having that fixed IP address, you can't even hope to adopt it without going on a fishing expedition. I really hope you remember the material from your Cisco certification because you're going to need it. Assuming you remember the intricacies of IP subnetting, you can begin creating a virtual NIC and set it to the same subnet as the gateway (192.168.1.0/24). Unfortunately for you, as you're doing that you may notice that all of your other Ubiquiti networking equipment is systematically going offline.
Go ahead and contact support, they'll tell you it's impossible and that you must have something else wrong with your network. But everything was running fine for months until you plugged this little demon in. What's happening is that the USG includes a DHCP server which is up and handing out bogus IP addresses whenever a device goes to renew its lease. Far from being "impossible", it's a very real and very stupid thing to have happen.
The core issue is this ridiculous adoption process that no other vendor seems to require. Somehow Cisco and Juniper have managed to stumble along for the last couple of decades without such a concept. I wonder why... Some potential fixes for this issue are: have the adoption process (if it must exist) use multicast for device discovery and provisioning, or do not require adoption for the USG (if it's a Genesis problem), or use some other non-IP means (e.g. IPMI) to conduct the adoption and initial provisioning. Then of course the easy answer which won't work for everybody is to simply ship the thing with DHCP client enabled. Customers without a DHCP server will be stuck out. But in that case, just include one in the controller specifically for handling this case. Maybe style it as a wizard or something so it can't get messed up an the DHCP server and whatever other resources can be assured to be disabled and cleaned up once the adoption process is complete. But for the love of god do something. The way it ships now is completely unacceptable.
Most importantly, DO NOT PLUG THIS INTO A FUNCTIONING NETWORK or it won't function for very long. If you really have to get one of these, attach it to a physically isolated network, your uplink, and just a single multi-homed computer running the controller (or a cloud key). That way, the USG is isolated so it can't overrun your other DHCP server and take the network down by handing out bogus addresses. You should be assigned an address via DHCP by the USG so that you'll be able to "see" it and hopefully update the firmware and finally adopt it. How you ever regain confidence in Ubiquiti's products ever again? I have no idea.
When I attempted to return the product to Amazon, I was denied because it was over their 30 day return policy. I was told to contact the manufacturer for a warranty replacement. All I got from them was a vague message about the device being out of warranty, as you can see in the picture I have attached. How is a device that was purchased 2 months prior out of warranty? The warranty is on Ubiquiti's own website is for a year. Is sitting in a warehouse, sealed inside the original packaging considered normal wear and tear on a firewall? Does Ubiquiti have random kill switches embedded in their devices set to go off right when the warranty expires? Who knows? I sure don't because I have not received any more information from them on the subject yet!
Overall I like the product but the customer service is abysmal so far. A brand new device should last more than 2 months. Even if it was a lemon, the company should stand behind their product. 1/5 stars.
Edit: I'm changing the review from 1 star to 3. Amazon was kind enough to refund me the full amount for the product and accept the broken one as a return. I gave the product another shot and it has been running strong for several months now. I am still deducting 2 stars because of Ubiquities terrible customer service.
That all being said, I simply love this device. Configuarable to dual WAN, supports DNS, the UniFi controller software is simply amazing. As long as UniFi continues to roll out updates and listening to their customers, this little box will be simply amazing, especially considering the cost. The UniFi controller is what makes these products. Kudos, Ubiquiti!
Update: 4/1/18 so the controller software has been updated and now correctly displays the status of manually created end point VPN tunnels. This was a frustrating issue that had finally been resolved.
I must say that this equipment is the best network equipment that I have ever used. I own 3 pharmacies and they connect to my house which acts as the hub for the 3 locations to communicate between each other. VPN tunnels connect all 3 locations to the central server at my house. It is imperative that the tunnels are dependable. I have used Sonicwalls, linksys, Cisco, and Netgear routers all of which cost 3-4 times this unit, and it blows them away. I have not had a single VPN flake out over 6 months.
The single unified controller manages the adoption of all UniFi devices, as well as the deployment of things like firmware updates. I literally lay in bed with my iPhone and initiate rolling firmware upgrades across 4 locations without any issues. Amazing.
It’s a bit of a learning curve, and the software is scrambling to keep up with the equipment’s community’s requests, but they are working on developing and rolling out all of the requested functionality. It’s like watching a product evolve in real time, yet enjoying the incredible reliability of their EdgeRouter line.
For $100, buy a USG and an AP, and dive into the UniFi ecosystem. You owe it to yourself.
And no, I am not getting paid for this review. It’s simply the best equipment I’ve ever used.
Top reviews from other countries
My previous ubiquity purchases, an 8 port and 24 port UniFi switch really helped me visualise my network and its usage, using a virtual version of the UniFi cloud key on my NAS, this provided real-time data, monitoring and alerts on my network via a web browser or app on my phone/tablet.
Why two switches you might ask? Well rather than purchase a much more expensive power over Ethernet (PoE) 24 port switch, I purchased the standard version, and then got a smaller 8 port switch that had 4 PoE ports, more than enough for the next stage of my network upgrade.
So at this point the Virgin Cable box is in Modem mode and plugged into the wan port on my night hawk, these new switches plugged into the lan side of the nighthawk serving the rest of the house. WiFi also running through the netgear nighthawk.
Phase 2 was the upgrading of the WiFi, here I purchased a UniFi AC-Pro as the main WiFi access point for the home, connected and powered by the 8 port switch over Ethernet. Once working I disabled WiFi on the netgear nighthawk.
The cool thing at this stage is all the additional data the cloud key device gives you visually for WiFi and it’s usage, it highlighted that due to the size of the house and the AC Pro’s position coverage at the back of the house was a little weaker, so I then installed a UniFi AC lite access point as a repeater or extender wirelessly to address that.
The software also provided data on WiFi congestion, showing me channels to avoid due to neighbours wireless kit too - bonus!
So now wired and wireless is rock solid, internet performance good, but netgear router not really providing much detail on my broadband and it felt like a bottleneck.
So it’s time to replace the netgear with the UniFi Secure Gateway (USG). To install, as others have said is tricky, because initially it has a hard coded IP that is often the same as your default router IP, this causes a problem when trying to adopt it onto your network through the cloud key and upgrade the firmware.
There are loads of articles online and youtube videos to help with this, it took a couple of hours but I eventually got everything adopted, updated and swapped out my netgear nighthawk router with the USG.
I now, through the same cloud key interface get end to end data on my internet provider and my wired and wireless clients. It’s fantastic to see and manage your network like this, the insights and data provided are amazing.
Now I didn’t want to purchase a physical cloud key from UniFi, at £80-90 it’s quite expensive, so I installed a virtual version on my synology nas using docker, you can install a windows app on your pc too, but the intention is to leave cloud key running 24/7 to gather data and provide alerting on your network, I didn’t want to have a PC on all the time.
Now you could use the windows version and only use it to setup the equipment initially and when you want to troubleshoot an issue, but in this setup that’s like buying a nice car and leaving it in the garage. The whole point of all the UniFi gear is visualisation and management of your network.
So back to the USG, it’s like the final piece in my network setup, providing so much detail on how my network is used and the quality of service from my broadband provider Virgin. It really is amazing, even if setup takes some time - bare with it, it’s worth it.
The only thing I did lose in the upgrade was the inbuilt version of circle on the netgear router for managing the kids internet, we paid the extra £5 a month for circle to have advanced parental control - blocking devices, specific apps or websites, profiles for particular children etc. Circle was excellent, they do make a stand-alone version that sits on your network but unfortunately this throttles down your internet performance.
So we decided to put the kids devices on a separate virtual lan (vlan) on the UniFi equipment and use open DNS family shield DNS servers on that vlan for all the kids devices, this is a configuration only, no cost option, to prevent unsuitable content, but you would need the USG and one of the UniFi access points to do this for wired and wireless clients. This all sounds very technical but there is a few YouTube videos and articles in the UniFi forums on how to do this. We then use Microsoft family to manage the kids pcs and Apple’s screen time to manage phones.
We can still block devices via UniFi app from reaching the internet or setup up schedules to manage internet/WiFi, it’s just three apps instead of just circle to manage overall control.
So there we have it, my 3 phase plan, I did the upgrades over the course of a 3-6months to spread the cost and ensure I got what I expected from each stage. WiFi is now night and day better than the nighthawk with triple digit megabit performance, the USG is the icing on the cake.
I’d recommend this setup in a medium to large size house, with upwards of 20 devices on your network, I know that might sound like a lot of devices but if you have 3 or 4 family members with 2 or 3 devices (phone, tablet, kindle, pc etc) then add your smart TVs and appliances, games consoles, Alexa or google devices it all soon mounts up.
If WiFi is you main issue consider just getting the AC Pro and disabling WiFi on existing router.
If you have a smaller to medium size home with kids but not too many devices I would still recommend the Netgear nighthawk R7000 with inbuilt Circle software.
Sorry if the review is information overload, but I wanted to also give you context for why I upgraded in the first place!
A way of thinking about this is to consider the usual modem/router/switch combo your ISP gave you as being the same as an all-in-one Hi-Fi. This is the separates version, and darn good separates too.
This bit is just a router. It connects two networks, as routers do, being the internet (WAN) and all the stuff in your house/business (LAN). It only has one LAN output by default, and no WiFi, so, you'll need a modem of some form with an ethernet output on the WAN side to connect to the outside world, and assuming you have more than one device a switch of some form to allow them to connect to the internet on the LAN side, and then a wifi access point if you want to connect wirelessly. That means cost. But, you get what you pay for. This is a big step up from the consumer kit you'd normally see to business quality hardware and associated software. We're lucky and have fibre to the home, so the OpenReach GPON (sort of fibre modem) unit dumps 300Mb goodness into this, and it handles it effortlessly. Ours is matched to a Ubiquity switch, which in turn is matched to a controller (runs the software) and several PoE driven access points, so our house has seamless WiFi just like a properly setup office.
It's been subject to roughly monthly firmware and software updates, all of which happened without drama, and added useful features to it all, including easy IPv6 support. Other than rebooting following those updates it's been on the whole time.
A couple of warnings:
Read a bit and watch some videos before diving in, it's not for the technically faint of heart as it won't 'just work'. It's not hard to set up, but will be more trouble than a BT/Sky/ISP preconfigured one. If you deal with this sort of thing for a living, it's a walk in the park.
It can get hot, mounting vertically is recommended to use the vents effectively. (Ethernet ports go down) Just mind the dust, and don't cover it.
The similar looking 3 Edge Router is pretty much identical to this, cheaper, and easier to use without the controller software. The main difference is that in the controller software with this you get more green circles, and access to it from that control panel. Oh and it glows a cool blue when it's working. If that does not interest you, save a few quid and get the 3 Edge Router.
Just like Hi-Fi separates, once you start your wallet will weep as you feed your new addiction, but you'll love the improved everything.
The hardware is very nice and comes neatly packaged, almost Apple-like. Annoyingly it ships without a UK plug so you will have to source one separately. It does get a little warm and the LEDs are quite bright, but nothing too obnoxious. With a maximum power draw of 7w I’m very happy with its low power consumption.
You configure the USG through the Unifi controller software, in my case on the Cloud Key, and it does give you some good statistics. Perhaps my biggest bug bear is the DHCP service. For starters, DHCP is tagged as ‘beta’. Seriously? DHCP is as old as the hills, and very basic functionality for a device like this. The way you manage leases and reservations is also not very intuitive. I also struggled to adopt the USG out of the box, forcing me to do 2 factory resets.
I also find the lack of documentation on the USG functionality frustrating. This stuff should be built-in, or at least readily available on the website. Take the IDS/IPS functionality (also ‘beta’). It’s literally a toggle on/off with hardly any description and no detail in the documentation. If you’re wondering it appears to be using snort and suricata rules, amongst others. It just seems a bit half-baked to me.
Once you get used to the UI it’s a decent enough box, but for £100+ I was expecting a little bit more polish and a lot less beta.
Other routers do it much better. Only reason to buy this is to fill in the greyed out boxes in the Unifi controller software. Once the novelty has worn out after about 2 minutes, you’ll wonder why you bought this and went through all the hassle?!
Die Geräte funktionieren TOP, nach ein wenig einlesen sehr leicht einzurichten und sind sehr stabil.
Softwareupdates werden regelmäßig bereitgestellt und ich habe keinerlei Probleme mit diesen Produkten.
Kurz am Rande angemerkt: Vorher hatte ich 17 APs anderer Hersteller im Betrieb, jetzt 8!!! ACLight zur kompletten Ausleuchtung
Auch habe ich durch Unifi Produkte nun 4 getrennte W-LAN Netzwerke und auch Gastkontrolle inkl. Zugangscodes (gratis!)
Interessant ist es auch zu beobachten, wer, wie, wann und vorallem was im Netz gemacht hat.
Die Firwall funktionert einwandfrei und ich bekomme auch Infos, wenn und von wem ein "Angriff" stattfindet.