fbpx

Ubiquiti Unifi Security Gateway (USG): Everything you need to know

The Ubiquiti UniFi Security Gateway (USG) extends the UniFi Enterprise system to networking by combines high performance routing with reliable security features. The unit is packaged up in a slick looking, wall-mountable, cost-effective unit.

There are USG models available:

  • USG-PRO-4: Rack-mountable form factor with fiber connectivity options and a dual-core, 1 GHz processor for maximum hardware‑accelerated performance.
  • USG: Wall-mountable form factor with a dual-core, 500 MHz processor for standard hardware-accelerated performance.

Although this article is written specifically with the USG in mind, many aspect will still apply to the USG-PRO-4.

Why would I use the Ubiquiti USG?

The Ubiquiti USG is an enterprise grade networking and security solution that has the horsepower to handle significant throughput requirements.

If your internet is unstable and you find yourself constantly resetting your router, then there is a good chance that your router is the source of your problems, especially if you are using a consumer grade router (particularly the free ones provided by your internet service provider).

I had endless internet issues on my home office network so I made the decision to upgrade it with Ubiquiti components. My first upgrade was to replace my three TP-Link TL-WPA4220 powerline wifi units with three Ubiquiti AP-AC-Lite access points and see how that improved my network. This first upgrade went well and I had an immediate increase in the range of my wifi but i continued to have dropped Skype, Whatsapp and Facetime calls and intermittent connection issues.

I had always suspected that my TP-Link DSL-2740U router was having difficulty handling the 30 odd devices on my network so I decided to go with a full Unifi setup and replace the TP-Link DSL-2740U router with the Ubiquiti USG. After the upgrade, my network and internet connection has been blazingly fast and all those dropped Skype, Whatsapp and Facetime calls are a thing of the past!

To top it all off, the Unifi Conroller provides a ton of interesting statistics about internet use on your network 🙂

Everything running smoothly with my Ubiquiti USG and 3 Ubiquiti AP-AC-Lite access points

What is the throughput of the Ubiquiti USG?

Here are a few estimates of throughput that you can expect from the Ubiquiti USG. Some services such as DPI, IDS and IPS will significantly reduce throughput as they are not hardware accelerated and are therefore bottle-necked by the capacity of the USG’s CPU.

Ubiquiti UniFiUSG
Deep Packet Inspection (DPI) Throughput930 Mbps
Unifi Threat Management (UTM) Throughput85Mbps
Intrusion Detection System (IDS) Throughput80 Mbps
Intrusion Prevention System (IPS) Throughput80 Mbps
Quality of Service (QOS) (SmartQueues)60 Mbps
VPN Throughput10 Mbps
IPSec Tunnel1Gbps

Can I integrate the Ubiquiti USG with Home Assistant?

Yes, if you own a Ubiquiti USG and you are running Home Assistant, then you really need to link the two together. The primary reason for integrating your Unifi Controller with Home Assistant is to get state information of your devices connected to your network. For example, if you want to trigger events when you leave or arrive home, then you can use you connection to your network to control your home state. That way, you could trigger something like your lights to turn on when you arrive home.

To add your Unifi Controller as an integration in Home Assistant, all you need to do is open Home Assistant, click on Configuration > Integrations > + and then add the host IP address/URL and then the username and password of your Unifi Controller, simple as that!

Is the Ubiquiti USG for home use?

Yes, the Ubiquiti USG is for home use. The Ubiquiti USG is a highly capable UniFi Enterprise System that provides cost-effective, reliable routing and advanced security for your network. Although it is an enterprise networking product, it is priced at a level that makes with very affordable for home or home/office use.

If like me you have around 30 devices on your network (and even more when you have visitors), then you are probably starting to push the limits of your consumer grade router. Replacing your router with a Ubiquiti USG will give you more than enough capacity and a blazingly fast network.

Is Ubiquiti USG a firewall?

Yes, the Ubiquiti USG is a firewall and offers advanced firewall policies to protect your network and its data. The Ubiquiti USG enables users to configure WAN, LAN and Guest firewall rules over IPv4 and IPv6 networks. The USG can also create virtual network segments for security and network traffic management.

Ubiquiti USG Firewall Settings

Is the Ubiquiti USG a router?

Yes, the Ubiquiti USG is a router and supports IPV4 Connection Types such as PPPoe, DHCP and Static IP addresses. Plug your Ubiquiti USG into your fiber, cable or ADSL modem and it will route all of your network traffic.

Does the Ubiquiti USG have a built in DHCP server?

Yes, the Ubiquiti USG does have a built in DHCP server. This can be configured when you first plug in the USG and browse to it’s default ip address 192.168.1.1

Once the USG is provisioned, the DHCP can be configured further by opening the Unifi Controller then clicking on Settings > Networks > Local Networks, then select the network and click Edit onthe right hand side.

Configuring the Ubiquiti USG’s DHCP Server via The Unifi Controller

Is Ubiquiti USG a modem?

No, the Ubiquiti USG is not a modem, it is generally connected to a modem that provides it with a connection to the internet. In the case of ADSL, this would be ADSL modem connected to your telephone line, or a cable modem connected to cable line or a fiber modem aka Optical Network Terminal (ONT) connected to a fiber optic line.

The term modem is derived from the combination of combining two different words, Modulator and demodulator. For ADSL and cable, they modulate and demodulate signals that encode and decode information going over long distance copper lines. In the case of fiber optic lines, the modem or Optical Network Terminal (ONT) modulate and demodulate light/optical signals. So, the Ubiquiti USG requires a modem to connect to the internet.

How do you install & setup the Ubiquiti USG?

See the comprehensive video below with all you need to know about setting up the Ubiquiti USG. Thanks to Chris from Crosstalk Solutions 🙂

How to perform a hard reset of the Ubiquiti USG

If you need to perform a hard reset of a Uniquiti USG, then follow these steps:

  • Locate the reset button at the front of the USG. See image below.
  • Make sure the device is powered on.
  • Get a paperclip, insert it in the reset button hole and press the button until the orange LED on the WAN2/LAN2 ports (VOIP port on older models) changes from flashing quickly to not flashing.
  • Remove the paperclip and wait for the USG to reboot. Do not disconnect power during this process.
  • After reboot (+- 1 minute), you can access the USG on its default IP address 192.168.1.1 via the LAN port.

How to reboot Ubiquiti USG

  • Open Unifi Controller
  • Select Devices in the left hand menu and select the USG
  • This will open up the USG’s settings on the right hand page
  • Click on the three dots aligned vertically at the top of the section. It is just to the right of the green Connected indicator.
  • This will give you the option to restart or locate the USG
  • See image below for the more details
Access the restart button via the three dots aligned vertically

Can you used a Ubiquiti USG without a Unifi Cloud Key?

Yes, the Ubiquiti USG will function without a Unifi Cloud Key but it will need to be setup with a Unifi Controller running on hardware other than a Unifi Cloud Key.

The Unifi Cloud Key is essentially a small computer that hosts the Unifi Controller. You are however not required to run your Unifi Controller on a Unifi Cloud Key, it can be run for many types of hardware like a PC, Raspberry Pi or on a Synology NAS using Docker. The reason why a lot of people choose to use a Unifi Cloud Key is because it is always on, unlike your PC…

I personally have my Unifi Controller running on a Docker image on my Synology DS916+. As my Synology is running 24/7, there is no need for me to have additional hardware such as a Unifi Cloud Key. A Unifi Cloud Key also cost about $100 so I would far rather invest that in a Synology DS218+ that has a stacks of additional functionality. You can pick them up on Amazon for about $340 (excluding hard drives).

Unifi Controller running in a Docker Container on my Synology DS916+

Take a note of how little system resources the Unifi Controller is using while running inside the Docker container. Only 1GB of RAM and a measly 0.28% of CPU! A really cost effective option for those with a Synology NAS!

Will the Ubiquiti USG work without a Unifi Controller?

If you first configure a Ubiquiti USG via a Unifi Controller then if yo shut down the controller or if it we to go offline, then the Ubiquiti USG will continue to function. The only problem is that any statistics, logs, notification etc. will be lost while the Unifi Controller is offline.

Can the Ubiquiti USG be used for a Site-to-Site VPN?

Yes, the Ubiquity USG can be used as a Site-to-Site VPN. All you will need is two USG’s with both sites manage on the same site in Unifi Controller. You then just follow these steps:

  • Open settings in Unifi Controller
  • Browse to Networks
  • Select ‘Create New Network’
  • On the purpose option, select Site-to-Site VPN
  • Watch the video below by Willie Howe for the full setup

Ubiquiti USG vs edgerouter

From a hardware perspective, the Ubiquiti USG and Edgerouters are very similar. However, depending on the model, Edgerouters offer additional LAN, POE and SFP ports.

From a software perspective, the Ubiquiti USG and Edgerouters are quite different. The Ubiquiti USG integrates with the Unifi Controller making configuration simpler and more appropriate to less advanced users. The Edgerouter however is geared towards networking professionals with a lot of functionality being configurable via the command line.

I took a look at the Edgerouters but when I saw that they don’t integrate with the Unifi Controller and need to be configured via the command line, the Ubiquiti USG became the only option for me…

Recent Posts