Should You Buy The Ubiquiti UniFi UXG-Pro?

Affiliate Link for HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
TailScale VS ZeroTier Review
ruclips.net/video/lAhD2JDVG08/видео.html
ZeroTier Review
ruclips.net/video/Bl_Vau8wtgc/видео.html
TailScale Review
ruclips.net/video/bcRVkoeSN0E/видео.html
⏱ Timestamps ⏱
00:00 ubiquiti unifi uxg-pro
01:37 HostiFi UniFi Routing Statistics
03:30 Next Generation Gateway Pro Specs
05:50 Should You Buy This Device?

Take a $379 Dream Machine Pro. Remove hdd option. Remove 8 port switch chip - recycle its internal 1gbe link to provide the 1gbe lan port. Charge $120 more. What am I missing?

I genuinely *want* the UXG-Pro to be successful and receive feature updates via firmware. The only ones holding back Ubiquiti is... Ubiquiti.

The lack of basic firewall logging for policy actions on the UDM Pro has me interested in the UXG Pro. I'm waiting to see if they implemented basic items like logging deny and allow. At least the old USG Pro had a letter in the logs that you could key off of to find the denies and allows.

Regular viewer just noticed the new message about the company, really like it!

Hello there,
We are having one UDM-Pro and considered it a great device for a simplified way to manage your access layer. And it is so - people who do not have solid networking background can easily manage switchport profiles, change SSIDs, adopt new UAPs etc.
The troubles started when we wanted to assign each remote access VPN user a certain IP address, limit their access to internal resources, have some logging enabled, perform a HA cluster (active/standby) HA configuration with dual WAN failover.. Either we were not able to perform some of the tasks or we didn't have the knowledge but UDM-Pro failed to fulfill our needs. Another thing is lack of support for multiple sites..
That's why we will keep using the UDM-Pro for management of the access layer and move to a different solution for the routing/firewall/vpn termination part.
Congrats on the informative videos! Channel content is great and really helpful!
Regards,
Nayden

I'm using a UXG Pro in conjunction with a UISP Router. With the latest controller, you're able to define multiple static IPs and route them as you wish, in my case separate VLANs to specific static IPs. The controller UI still isn't perfect but it's much better than it was 6 months ago.

I’ve had my UXG Pro for about a year. It’s been absolutely flawless so far.

i appreciate you Tom, thanks for all you do to educate

I love the new starter promo for your company and services. :)

Just about to watch the video, but I have to say....THANK YOU!!!! This is exactly the video I was hoping to see.

I got one not thrilled with it yet but hoping they make it more usable...
It has fewer options the the USG Pro but with more capable hardware.

I just bought this unit and this weekend I’m going to be replacing the 1st gen of the router with this new one. I’m doing this to add 10 gig support and this is the first step

Awesome video as always great work thanks for doing this video!

I have one and have since EA, but I basically didn’t end up using it until it came out of EA. As a prosumer with an IT background, it works okay as firewall for someone who wants to be self hosted (I outgrew the CloudKey Gen 2+), but didn’t want to be tied to the Unifi OS consoles. I find that I want a little more than what Unifi switching can do, but so far not enough to justify migrating away. I’ve moved to Ruckus Unleashed APs, so moving away from Unifi may end up in my future, but the price point is reasonably good for what you get and justifying replacing everything is pretty tough.

The UXG-Pro is half-baked. This thing needed to have multiple 1/10Gb interfaces that can be configured as WAN or LAN (internal network, DMZ, ... etc). It needed more CPU and memory for handling IDS/IPS, optional BGP routing and large routing tables in memory, NAT, Next Gen firewall features, WAN load balancing, link aggregation of LAN ports and room for more features in the future. They could've put the $269 Aggregation Switch port configuration in a new chassis with the features stated above. They could also develop a code train for the UDM-Pro line that has a simplified network controller that leaves out the redundant features of UXG-Pro and allows it and its interface to be adopted and integrated into the UDM-Pro's web interface (single pane of glass). This could also be the case for the Protect NVR interfaces as well. This would offload those processes, leaving more resources to the UDM-Pro for running Talk, Access, Connect and UID. Then maybe they can consider making the drive bay in the UDM-Pro useful for logging when not running Protect.
The switches, wireless and other Unifi offerings are great for the price and features. Make it a legit firewall with some "real" routing features.
Sadly, this will probably never happen.

They had an opportunity to fix some of the missing parts in UDM Pro, which would have made sense with the name of it. Redundancy would be a major part of that. The ability to have two of these in failover mode alone could have made us switch from UDM Pro to it in the office. But why are there only these few ports on it? At least two SFP+ ports for WAN and two for LAN would be the minimum. It's also the same processor as UDM Pro, which means it can't do full 10gbit with full protection on. To me this is just a UDM Pro minus some features and more expensive. It makes no sense.
The only plus is that it can use other controllers. But in practice almost no one cares about this unless they run many sites.

Whooo hooo. I account for 4 of those UXGs on Hostifi. Adding 4 more in the next week.

Thanks Tom. I was literally watching a different video on the UXG Pro when I received a notification that your video just went live. While not a review I agree with all of your points. There is a distinct lack of details on the UniFi store site and for having been in beta essentially for 2 years there should be plenty of metrics for routing speed with and without IDS etc. I was trying to find out more details about the dual-WAN ports such as does the UniFi controller software only support WAN failover or also WAN Aggregation and so far only other videos I can find on the UXG Pro were from 2 years ago and very little since then. I imagine now that it is generally available there will be some reviews coming soon but as you rightly point out there is really nothing new here hardware wise and all the features are driven by the controller software other than actual dual WAN ports. Keep up the great work, really enjoyed your video about pfSense Backup and Recovery and just started the recent David Bombal interview with you on Real World pfSense which looks to be a great interview.

New business intro is great 👍

Tom do you know of any apps / software that will allow you to view all pfsense firewalls in one place like a central management sort of thing?

Hello Lawrence, i have a question i have a Nighthawk Netgear M6 hotspot that has a ethernet out which i am using to connect some devices that need internet access at a remote site but i am looking to put a firewall in between for security, what do you recommend I use? thank you in advance

I want to replace the UDM-Pro we have that's been controlling 45 APs and 13 switches.... brings the controller to its knees all the time to the point where I'm having to regularly restart unifi-os. This could be the solution as I don't use the UDM-Pro for anything other than routing. Not the best solution, but should work.

Any idea on how I can get ADVA FSP 150-GE102PRO to work with a switch.

Doesn't UniFi Network now have full L2TP VPN with RADIUS user management and site-to-site?

would you not be better off buying a UDM PRO SE over this?

Does UniFi even sell the USG anymore?
If mine dies what would you recommend in the $200-$300 range... without building my own.

I really want to replace my old edgerouters with something I can control from the Unifi UI, but I need something that can do VPN and dual-WAN load balancing. But right now the edgeOS is so much better, and the UXG won't have load balancing until an as yet unreleased and untested 7.1.55 firmware update.

Hi if I want to build a home network what to use dream machine pro se or pc With two network card or Some other stuff do you have a video about it and pros and cons thank you very much before hand

I thought UDM-Pro would support multiple configuring multiple static IPs through the GUI? That being said shouldn't the UXG-Pro?

I would never buy a a Unifi Router anymore. As soon as you want to do not just a very basic thing those devices limit you very much and they are slow. Replaced my USG G3 with a pfsense box and never look back anymore. Their switches are ok and their access points are very good, but those security gateway are lackluster, lack features, are slow and dont see much development.

I love Ubiquiti and it's all I use/sell these days. I don't really see a need to upgrade from my UDM-Pros for this either or really know where I would use this. It seems like they are trying to aim Unifi at the Enterprise market but this is not it. What they need is something more Edgerouter Infinity on the WAN side of things with a Unifi/Usg front end if they want a router in the same enterprise class as their higher end Unifi switches seem to be aiming for. On the SoHo/remote office side of things which is most of my business the Dream Machine fits the bill but would be perfect if it had 8 POE Lan ports(I mean come on), at least one more SFP port that could be wan or lan preferably 2, multiple wan ip/failover/load balancing that the lower end ERXs have without losing the Gig throughput then it really would be a dream machine. Like many others have said it seems like Ubiquiti runs a good race but falls flat at the end. Unifi Protect? Great I got some cameras they look good easy to set up but the first thing I wanted and my customers ask for "Can I get a notification on my desktop and maybe a window to see who is walking in" and yeah no Windows app at all that even the cheap cameras have. Unifi Talk? Great. Oh no analog ports well that rules out most of my use cases. Their nonstandard POE that varies from device to device even in the Unifi ecosystem. They have all the pieces in house to make a really great product but...

Would you review your statements with the new software release now ?

when can we use site 2 site vpn without static ip in usg.
Thats the primary thing why i put sophos utm or xg home to my colleques.

Hi I have really enjoyed your channel. With all the products you have used and talked about. I do like Unifi but also EdgeMax and others.
Which route would be the best to start with is setting up a home testing center to dig more deeply into networking?
As you have mentioned Unifi routers and firewalls leave a lot to desire. Is there one product you would recommend or a blend of products like Edge Router and Unifi AP?

Rewatching this now a year later. A lot more specs have come out, thank goodness, but also the UXG-Lite is being released also, which is a true USG 3 replacement. Also it seems Wireguard is now supported :) Unifi are getting closer with their offerings

Hi Tom, have you considered revisiting this device with the new added features? If you should buy or not? If the memory is sufficient/upgradeable? Etc.

As you say, its all about use case, something missing from the current USG's is the newer routing policies that the UDM/P/SE/R and will be part of the UXG line, but thats still WIP

Hey. I know you've said the VPN is not great due to L2TP. Could you explain a little more why you stay away from that protocol for VPNs?

hi,
perfect video.
i using a windows machine or a linux machine with unifi controller and do portforwarding to access from all my sites.
Best idea.

I bought it for my new house that is being built and I am laying out the woodwork for future 10G. (Some of my devices support 10G). Yes it is overkill, and I get it, but I want it and I like gadgets. 🤓

Can you.ad PIA vpn on it like pfsense?

Today I have the EdgeRouter Infinity ER-8-XG, is there any benefit to move to the UXG Pro?
I have a cloudkey G2, Unifi Switches and Access points.

Do the 10 gig sfp+ ports / adapters support 2.5gig and 5 gig connections?

Another good video!
Suggestion for a future video on related topic of Ubiquiti limitations: How the UDM Pro doesn't seem to have the hardware to handle even a medium (5 camera) size deployment.
I recently overhauled my entire home network to the latest Ubiquiti Unifi products after much deliberation and research and thought I had my all-in-one solution. I've been mostly satisfied with my decision until recently when I replaced my existing PoE cameras with Unifi devices to run on Protect, as was the plan from the beginning. Much to my chagrin, even this smallish scale amount of cameras causes the device to chug on trying to serve up live stream feeds to security display devices. Digging around on forums lead me to the commonly held notion that the RAM on this device isn't matched to the company's claims and a nightly reboot appears to be the "solution" to this issue. Sure enough, once I reboot my UDM Pro it will work fine for the next 8-10 hours or so.
As you can imagine, I'm incredibly disappointed as I thought that all-in-one would mean that the same company produced and developed the hardware & software meaning they would all play nicely together eliminating the previous weirdness I had with devices sourced from various manufacturers. Now it appears as though all I did was shift some money to another brand for similar unforeseen issues. For a device with the word "Pro" in the name you'd think it would be equipped to handle at least the more basic features of the manufacturer's claims. Ideally I would have probably 8-10 cameras (if they ever got the ones in stock I'm waiting for... that's another topic entirely) but I can't imagine how this device would perform then.
I wish I had known about this "known issue" before putting my eggs into this basket. I haven't seen anyone on RUclips talk about this and the info I found on forums is sparse at best. It wouldn't surface unless you were specifically looking for it. This is a real issue and I'd like to see people such as yourself talk about it to bring it to the attention of Ubiquiti to potentially be resolved as well as warn others who are considering so they can make a more informed decision.
Thanks for your time and thanks for your videos as, over the yeas, I've always found them helpful and interesting.

It has the same processor as the UDM Pro and 2 Gb less ram

At the end, it's just the old USG on steroids again, just like the UDMPs, but now adoptable on external UniFi Controllers. Higher throughput capabilities and the same very old limitations that even $50 routers from other brands don't have. Might fit the needs of some, but really not a serious "firewall" option for the majority.

I have the UDM-PRO, don't buy it or it's siblings. Unifi routers are shit. Tried all release channels of the FW/SW, they are all unstable in one way or another. For example right now I can only access Protect and not Network, it just does not load. Need to access it via SSH to restart the Network container/service etc. It's never up when you need it. Most faults do not compromise the internet uptime, but still irritating as hell not to be able to access the router management pane and don't get me started on the lacking functionality in both HW and SW compared to pfSense....

0:36 seconds in … in the self-promo section … “Aggravating switch” … 🤣

I notice that Zyxel are offering a similar design and product line , i would like to see a reveiw that is not unifi based home network, the problem i have is every time my computer needs a reinstall the damned controller goes with it and i have to reset all my devices currently 2 this is a major problem for me

Can you do a comparison of UDM Pro and UXG, software and hardware?

The UXG Pro is not a 'replacement' to USG Pro 4 because of the different OS. The UXG Pro runs the Unifi OS not the previous EdgeOS. This means you can not do config.gateway.json relevant changes. I must have this feature so that I can intercept rogue devices that ignore DHCP assigned DNS servers, reroute/masquerade the query, and force the gateway to push the query through a pihole pair. I'm not aware of any configuration options in Unifi OS that allows for this.

Isn't it "just" an upgrade to the 4G? As an upgrade for that one, this certainly fits the bill. The 4G has some serious speed limitations with IDS/IPS.

On the same page with you, well said

Is there a replacement for the smaller USG yet? The UXG-Pro is too expensive for some smaller installs

Did you ever do that review?

There’s a good reason they aren’t really “pushing” into the enterprise market…..and we all know why. Example, I have about 4,000 users across 50+ offices and 12 global data centers. How could I EVER consider this over Checkpoint? How about Palo Alto? Every “security” product has IDS/IPS, DPI, NAT’ing, decent L3 options like BGP, OSPF, etc.
Now, in case you haven’t figured it out yet, they aren’t even close to being “in class” with competitors that do AppID, machine learning, MITM SSL Decryption, firewall policy/rule based QoS, per vINT max concurrent session control, granular per CVE based control policies, GRE tunnels to cloud providers, EDLs, etc., etc. I can go on and on, fully understanding that this isn’t priced anywhere near these competitors, but it’s still not in the big leagues yet. Ubiquiti has come a long way, I know, and their prices are fantastic. However I couldn’t see anyone even ditching an ASA for a UXG any time soon, and the ASA is over a decade in age and still does plenty that the UXG can’t do.
Bottom line is that Ubiquiti needs more features, more security centric ideas built into them. They could be so much more, and they could disrupt the entire industry if they focused more and more on enterprise security and kept their already disruptive pricing. But as it stands now, they are still a solution for SMB, not enterprise.
Also, I’m not a hater. I have UniFi CKG2+ as well as APs, cameras, etc in my home, my parents home, my in laws, and several moonlight clients. The reason? Price to performance and SMB requirements.
Love the content!

im looking at this uxg-pro for use as my router in a setup like this:
ISP Fiber in > UXM-PRO > 2.5 gb Switch > WIFI 6e access point.
Anyone see any issues with what im doing? i feel like im missing something

Nice to have 10gb wan, I am looking to get 2.5Gp Up and Down from my ISP

What's the difference between (UDM Pro / UDM SE) vs (UXG-Pro-US+cloud pro-gen-2)?

Have you gotten unifi USG to work with Starlink?

I saw the announcement yesterday and tbh it's looking like a pretty useless thing to me.
At least redundant 10g Ports / optional fw redundancy should show up. Not so much about what it lacks as a firewall, but about how it isn't even complete for what it *can* do.
Some fortigate will not run more than roughly 3* this price - for a full feature set & hw coverage
The USG isn't economical in that case.

Ive had mine since beta and I love it.... super solid performance.

Tom speaks the truth. I ran a USG4pro for 10 years. It was an awesome prosumer firewall. Running IPS with a 250mbps limit did not bother me when I had cable at 300mbps and I did not need more advanced features at the time. I was however hart-broken with every Unifi release that they had not added anything new or amazing. Each upgrade it felt like there was however an ever more impressive dashboard of nonsensical stats.
A year ago I bought a home that had gig fiber and the thought of giving up over 700mbps of speed just to stick with Unifi line bummed me out. I'm sure the UXG-Pro can do IPS faster than USG-4 Pro. Could have plunked down $500 and kept waiting for those promised new bells and whistles or I could move away for what is available now. So in November I ordered a Netgate 6100.
While I waited for it I built a pfSence on an old dell PE2950 with dual 10gig SFP+ nics, it worked flawlessly. Now that I have the 6100 I have to say Netgate and pfSense really impresses me. Yes it takes more effort to configure things, vLANS, firewall rules, VPNs, etc , but there are so many more options and the add ons. I've been wanting to play with nTop for many years and just never found the time to configure it all, with pfSense and LTS had it up and running after watching a 30min video.
Thanks Tom for the info you, Keep up the good work

hi lawrence, I 'm looking for a good home firewalling device with NEXT GEn firewall capabilities but without all the real licensing hassles , do you have one or two suggestions i could investigate ??

I don’t quite understand why this, setup my small business with UDM pro, it has almost everything.

Yeah, the lack of basic router features is why I'm moving away from having any ubiquiti great at the edge of a network.

Should you buy? No. Unless you have the barest of needs for a firewall/gateway.

Can get a nice netgate device (when in stock) for that price.. And will do so much more. Or I just got a used super micro on ebay for about 250 and it will do way more. Ubiquiti routing is just never going to be that useful

they created a new category on their store called routing offload and stuck the usg pro in there...i just found it while watching this video

Dual WAN, FAILOVER ONLY..................... STILL!

I think the Unifi gateways are expensive and rack mounted. I think Ubiquiti should have some hardware to compete with Omada ER605 for example.

Thumbs up if you also want a replacement of the current USG-3, with modern hardware and performance.

I wish UXG existed, like a router without nvr and other things from Unifi

A few years ago I got Unify WiFi. I was super happy with it in my house: does wifi routing, roaming and balancing smoothly.
Last week I decided to extend my home network (500MBps) with USG Enterprise Gateway.
I expected to see great traffic control and easy security management without hassle.
I have exactly the same issue - specs looks like it could support up to 1Gps but it simply CAN'T support 500 Mbps (250 was my best without threat management).It also does NOT have any cool features out of the box.
Will think about the dream machine.

How you release a product with dual wan connections and choose not to support load balancing in your software, is beyond me. Ubiquiti seems to half-arse everything.

It's under routing off-load, I had a hard time finding it too

Dell R210 II w/Pfsense is still greater than UniFi UXG-Pro in 2022.

Ubiquiti won't even create a spot to input A records into the DNS service. People are able to perform that in the CLI (not persistent) but I would have expected that this would have been a super easy win (easy to implement, would be used by a LOT of users).

Is ZFS as flexible as Synology SHR?

The UXG is under routing offload . Great video

I have been using the Pfsense firewall for a few years now and wouldn't replace it, for the Ubiquiti dream machine.
Lots of missing features and for its cost is not worth the purchase.

I'm waiting patiently (naively too?) for the UDR to drop at $79 cause that's the only price point that I can justify at this stage :(
Until then suffering through pfsense and its 3 pages of settings for every tweak you want to do

Not sure why Ubiquiti just don’t enable the UISP Console to work in the UniFi universe it should be the new USG with a pro version being a version which is a cross between it and the enterprise 8x2.5gb switch.

On all my unifi wifi systems I just go with mikrotik routers.

Damn Ubiquiti.... All these years and still no native support for an OpenVPN or WireGuard server... Soo annoying.

TL;DR Ubiquiti needs more software, not more hardware. The UXG-Pro doesn't offer much advancement due to lack of implementation of advanced features in software.

I really liked Ubiquiti/Unifi but they have really been disappointing lately. First, they are always sold out. Can no longer get just the USG where I can vlan and traffic shape and have a lite UDM. Their switches prices of more than double the last couple years. I really think I'm going to find alternatives. Any recommendations here?

It's the same hardware as the udm-pro I think.

I agree with you i like this system But the information and product guidelines here. Not conducive to customer system planning.
Many network systems are planned and designed for 3-5 years of maintenance. But he acts like an apple product. which we do not know anything from here an obstacle to planning
We have to wait for the products to be released and wow, from now on, let's make a plan.
I hope he will do better communication and marketing with customers.
Now it's like working only in the software department, maybe just UI but the hardware slowly sipping coffee. or maybe both
However, there should be a clearer product scope Despite the lack of chipsets.

And now finally in the EU store at £461. Wow...

Unifi enterprise xg doesn't do ACL but it's advertised as a L3 switch or L3 features if you look at the small print. I would have sent it back but I had it for 3 weeks before I opened it up. Yes it's cheap because it doesn't do so much essential and basic things other switches do. The Unifi range is for basic plug and play home user devices. Do not I repeat do not use unifi for business.

I don't have any issues with Unifi's L2TP/IPsec user VPN approach. L2TP/IPsec is already built into Windows, macOS, iOS, and Android devices, thereby not requiring 3rd party add-on utilities. The ever-present protest by _Lawrence Systems_ that "Unifi doesn't support OpenVPN therefore Unifi gateways are subpar except for home use" is a false narrative. OpenVPN is a relatively new (read unproven) technology, and it's not actually that "open" in that it's narrowly controlled and is actually fee-based on the server side. Monthly fees for your UXG OpenVPN add-on service anyone?
My objective in setting up the networking for my business is simplicity, low IT overhead, and RUclips community support. While networking concepts are in my wheelhouse, I'm about to retire and pass the business on to the next generation. Having a complex hodgepodge of technology from different vendors is a nonstarter for the upcoming generation. With multiple offices and factories in 3 states, a front-to-back Unifi solution keeps both complexity and network management time to a minimum.

First

As long as their router/firewall software remains the same, you shouldn't buy any of their routers/firewalls.

Terrible equipment. Can't stand their adoption bs. Pfsense and cisco for the win 🏆

I really like your videos man! However in your intro where your promoting your business and Patreon, it's just too much man. It's too long and feels intrusive to the video. I hope you don't put that in your future videos as you will quickly see how many people hate it and skipped over it.

No one can buy anything, they never have any stock!

Just like a politician. Your lips were moving but you weren’t saying anything.