Ubiquiti manufactures networking products (routers, switches, wireless etc) that can serve in a broad range of implementation cases, from Home networks up to large Enterprise environments.
The USG (UniFi Security Gateway) and EdgeRouter devices are two product lines that target a similar market – I would say the SOHO and SMB enterprise market (although there are higher-end models that can be used in larger corporate networks) – so these two product series are very often the subject of comparison among professionals and users.
In this article I will describe and compare three “entry-level” models namely the USG-3 Security Gateway, the new EdgeRouter 4 and finally the EdgeRouter Lite.
These 3 models are at the lower-end of the spectrum in the product series but they include some networking/security features and hardware specs that are usually found in enterprise-grade networking equipment.
Before diving deeper into the details of each device, let’s first see a high-level side-by-side comparison of the three routers.
Comparison Table
(packets per second)
(packets per second)
(packets per second)
(1 or 2 WAN
1 or 2 LAN)
1 SFP (for fiber)
Command Line Interface (CLI)
Graphical GUI (UNMS)
Command Line Interface (CLI)
Graphical GUI (UNMS)
Command Line Interface (CLI)
Both Site-to-Site and Remote Access VPNs supported.
Both Site-to-Site and Remote Access VPNs supported.
Both Site-to-Site and Remote Access VPNs supported.
(packets per second)
(1 or 2 WAN
1 or 2 LAN)
Command Line Interface (CLI)
Both Site-to-Site and Remote Access VPNs supported.
(packets per second)
1 SFP (for fiber)
Graphical GUI (UNMS)
Command Line Interface (CLI)
Both Site-to-Site and Remote Access VPNs supported.
(packets per second)
Graphical GUI (UNMS)
Command Line Interface (CLI)
Both Site-to-Site and Remote Access VPNs supported.
Last update on 2023-09-29 at 12:08 / Affiliate links / Images from Amazon Product Advertising API
* NOTE about IDS/IPS:
- If you enable IDS/IPS on USG device, the maximum throughput will drop to 85 Mbps according to Ubiquity. People in forums mention speeds up to 100-110 Mbps with the IPS/IDS enabled.
- Also, because of limited RAM on the USG, only a limited selection of IDS/IPS categories can be enabled (11 out of 41).
My Quick Recommendations
If you don’t have the time to read the whole article and want to get a quick recommendation and summary of each Ubiquity model, here is what I think about each device:
USG
- If you have other UniFi devices in your network (or are planning to buy products in the UniFi series) such as Unifi wireless Access Points, switches etc, then the USG is a great choice to integrate with the rest of the network and manage everything centrally with the UniFi Controller software.
- If you are replacing a consumer router in your home network or small office, generally I would say the USG model is a better replacement compared to an EdgeRouter. It’s easier to manage and configure and provides much more speed and throughput compared to regular consumer routers.
Check Price and Reviews at Amazon
EdgeRouter 4
- Being the most powerful router gateway in this article, it can easily handle a lot of traffic and WAN links of 1 Gigabit (being Fiber, PPPoE etc) without any problem.
- Great for Medium to Large Enterprise networks or even Home networks with Gigabit ISP speed.
- If you are experienced in networking and firewall/security concepts, the ER-4 is excellent choice because it provides flexibility in configuration of advanced features on the management UI.
- Granularity of control since everything can be configured with the Web UI and CLI.
Check Price and Reviews at Amazon
EdgeRouter Lite
- The ER-Lite is exactly the same hardware as USG.
- It does not integrate with UniFi Controller for management but it offers its own Web GUI for management which is more powerful and full-fledged compared to Unifi controller.
- If you want the control and advanced features of EdgeRouters but have a limited budget, ER-Lite is a good choice.
Check Price and Reviews at Amazon
Unifi Security Gateway (USG) Brief Review
- 3 Gigabit Ethernet ports, CLI management for advanced users
- 1 million packets per second for 64-byte packets
- 3 Gbps total line rate for packets 512 bytes or larger
Last update on 2023-09-29 at 12:08 / Affiliate links / Images from Amazon Product Advertising API
The “UniFi” group of products fall into the SDN (Software Defined Networking) philosophy whereby the whole network and devices are centrally controlled, configured and monitored by a software management application.
USG is the entry level router/firewall product in this series. The other options include USG Pro 4 and USG XG-8 which are much more powerful in terms of hardware performance.
Hardware Specs
As you can see at the processing specs of the USG (CPU, RAM), these numbers are quite good for such a small device, however when you start enabling some “heavy” software features (such as Deep Packet Inspection, IPS/IDS etc) then the performance will drop significantly as we will see later on.
With 1 Million pps (on 64 Bytes packets) and approaching the line rate of 3 Gbps with larger packets, its speed throughput is quite impressive and can easily handle traffic demands of small to medium networks (or even enterprise level environments).
The physical interfaces of the device include the following ports:
- 1 Dedicated Gigabit WAN port (10/100/1000 Mbps).
- 1 Dedicated Gigabit LAN port (10/100/1000 Mbps).
- 1 Gigabit port that can be configured as either a second LAN or WAN.
Don’t let the number of LAN ports fool you because you can always split a single LAN port into multiple VLANs thus creating many Layer 3 subnets. This is useful if you want to segment the internal LAN into different networks (e.g server subnet, user subnet etc).
As far as hardware is concerned, the Ubiquity USG (square box device) is the same as the EdgeRouter Lite. This shows also in the comparison table above. If you look at CPU, RAM, Layer 3 Performance and ports you will quickly see that USG and EdgeRouter Lite use exactly the same hardware.
Management
All of the “UniFi” models (including the USG we are discussing here) are managed and configured using the UniFi Controller management software which provides a centralized management platform.
The Management aspect is probably the biggest difference between UniFi USG and the EdgeRouter models, not only the ones we are comparing in this article but also all EdgeRouter devices.
Here are the Management options for USG:
- On-site Management Station with Unifi Controller
- Off-site (cloud) Management with Unifi Cloud Controller
- UniFi Cloud Key
The first option above is free. You can download the Unifi Network Controller software, install it on your local computer (Windows etc), connect the local computer on the same Layer 2 network as USG and that’s it.
The second management option (Cloud Controller) is a paid service and you can manage your Unifi devices from the cloud.
The Third option above is the best in my opinion. The Unifi Cloud Key is actually a Linux PC on a stick which runs a local instance of the UniFi Controller software and also provides you with access to the cloud management platform. So essentially it offers a hybrid management approach of both local and cloud access.
NOTE: You can configure some advanced settings of USG using the Command Line Interface (CLI) although this is not recommended by the vendor.
Software
USG is running on EdgeOS software which is a fork of Vyatta’s OS (now owned by Brocade). The same operating system is powering the EdgeRouter devices as well.
Although you can connect with SSH to a USG device and start configuring things with the CLI, the changes will not be permanent because they will be overwritten by the UniFi Controller management software.
In order to make persistent changes to the configuration of USG (e.g advanced routing configuration, advanced QoS, policy routing etc) you must make the changes in a json file (config.gateway.json) which sits in the controller filesystem and allows custom changes to the configuration that are not available in the GUI interface.
Regarding software features, the USG has the same networking and security capabilities as the EdgeRouter and even more. It supports for example IPS/IDS (Intrusion Prevention/Detection System) which is a security mechanism to inspect the content of the traffic for identifying attacks.
With IPS/IDS you can enable certain attack categories (which are basically known signatures of attacks). The USG3 supports a subset of IPS categories and if you enable them the maximum throughput will drop to around 85 Mbps according to the vendor.
Another advantage mentioned in forums about USG, is that Site-to-Site VPN on USG is much easier to configure in the GUI (if you have another site with a USG) compared to Edgerouter.
To summarize, the USG supports all the software capabilities of the EdgeRouter but you have to configure it via the GUI unless you want to mess with CLI.
However, the GUI via the Unifi Controller allows basic settings to be configured (a subset of all the possible settings) which is great for people who are not networking gurus. For more advanced configuration you must SSH to the device and configure the advanced settings with CLI by changing the custom json file (hard to do).
Check Price and Reviews of USG at Amazon
EdgeRouter (ER 4 / Lite) Brief Review
- (3) 10/100/1000 Mbps Ethernet ports, (1) RJ45 Serial and (1) SFP port
- Max power consumption: 13 Watts
- Desk, wall and rack mount options
Last update on 2023-09-29 at 12:08 / Affiliate links / Images from Amazon Product Advertising API
In this section I will discuss the EdgeRouter (both version 4 and Lite) and see how they compare with USG.
Unlike the UniFi gateway line which includes only 3 models, there are several models in the EdgeRouter product series. Some of these models (at the time of this writing) are:
- ER-X
- ER-X SFP
- ER Lite
- ER 4
- ER-8 XG
- ER 6P
- Etc
Hardware Specs
As we have mentioned in the USG review section, the ER-Lite is exactly the same hardware as the USG, so in this paragraph I will discuss the ER-4 only.
Looking at the specs, it’s obviously a more powerful device with double the CPU and RAM performance compared to USG. Moreover, packet performance (Layer 3 throughput) is 3x times better with 3.4 Million pps (on 64-bytes packets).
The physical interfaces of EdgeRouter 4 include the following ports:
- 3x Gigabit ports (10/100/1000 Mbps).
- 1x Gigabit SFP port (for connecting to optical fiber cable)
The physical interfaces can be connected anywhere you like, i.e WAN, LAN, dual-WAN etc.
Moreover, each physical interface can be split into VLANs, thus supporting multiple Layer3 subnet networks (useful when segmenting an internal LAN into different firewall zones, creating a DMZ firewall zone to connect public servers etc).
If you don’t enable DPI or QoS, the EdgeRouter 4 can easily handle a Gigabit WAN link at full 1Gbps speed without dropping a bit. If you enable QoS the speed throughput drops to about 500 Mbps according to a user who actually tested this on his own network.
The above speed (500 Mbps with QoS enabled) is still impressive and certainly much bigger than regular consumer grade routers.
Obviously, the EdgeRouter 4 can be easily used in larger offices or enterprise networks and can handle the traffic sent to it at the fraction of the cost of buying a router from another brand (plus, it works also as a firewall as well).
Management
All EdgeRouter devices are mainly managed by individually connecting to them via a Web GUI interface. However, there are other options as well as shown below:
- Web GUI (manage each device with your web browser)
- Management Software GUI (UNMS – Ubiquity Network Management System)
- Command Line Interface (CLI)
As I have said before, the Management is one of the main differences between USG and EdgeRouter. For the latter, there is no central management software (like the Unifi Controller) that can configure and monitor all of the devices in the network.
However, the Web GUI of EdgeRouter is capable to configure almost ALL settings and features of ER, even the advanced settings (unlike the Unifi controller which supports configuration of mostly the basic features of USG but not all advanced settings).
Software
Running on EdgeOS, the EdgeRouter supports all of the networking and security features you can find in higher-end enterprise devices. This is actually like getting both an enterprise class router and stateful firewall on the same box.
Compared to USG, the only difference in features is that ER models do not support IPS/IDS like the USG. If you really need to have such a functionality in your network, you can always use an open source IDS software (like snort for example) and just send traffic to it for inspection (with a mirroring port/VLAN).
Although you can use CLI access (with SSH) to configure anything you want, almost all features (both basic and advanced) can be configured with the Web UI. Users that are advanced in networking and security love this capability. On the other hand, people that are not networking gurus will find the Web UI overwhelming.
Check Price and Reviews of EdgeRouter at Amazon
USG Vs EdgeRouter 4 / Lite
I’m sure that from the reviews above someone can extract the main similarities and differences between these products from Ubiquity. Let me summarize them below:
- What sets the USG device apart is its ability to be integrated with the UniFi Controller and the whole UniFi ecosystem. If you have other UniFi devices in your network (or are planning to purchase such devices) like UniFi WiFi Access Points, Switches etc, then the USG is a better choice because it will be managed centrally from the same controller software.
- If you are not a power-networking user and want a more user-friendly and easier way to configure your device, then USG is easier to manage and configure compared to EdgeRouter. However, keep in mind that the controller management software of USG offers only a subset of all the features actually supported by the device.
- If you want more flexibility and control in setting up your device and you know what you are doing in terms of networking and security, then EdgeRouters are a better choice and offer all configuration options (both basic and advanced) in the same Web GUI.
- If you want sheer power and performance, then EdgeRouter 4 is the way to go compared to USG.
- If you just want to install one router in a SOHO or SMB network with firewall features and advanced networking and you don’t want central management etc, then EdgeRouter Lite is a great choice.
Related Posts
- 12 Best Computer Networking Books for Beginners & Experts
- Best Network Ethernet Switches – Gigabit-Managed-Unmanaged
- Discussion and Explanation of OSPF Graceful Restart and Shutdown
- Explanation and Configuration of OSPF MD5 Authentication on Cisco Networks
- Comparison of BGP Confederations vs Route Reflectors