McCann Tech

View Original

UXG-Max Preview: Modern Multi-Gig

Originally Posted: April 10th, 2024
Last Edited: April 27th, 2024


TL;DR:

  • The UniFi Gateway Max (UXG-Max) is the latest gateway from Ubiquiti, offering 2.5 Gbps WAN and LAN interfaces, with more power than the UXG-Lite

  • The UXG-Max is just a gateway — it does not act as a UniFi Network controller or Wi-Fi access point.

  • The Gateway Max is for sale for $199 in the US and Canada, with availability in other regions coming soon.


Last week, Ubiquiti released the Gateway Max (UXG-Max). Like the Gateway Lite (UXG-Lite) and Gateway Pro (UXG-Pro), it doesn’t run any software, and it doesn’t act as a UniFi controller. You need to pair all UXG models with a Cloud Key, Official UniFi Hosting, or a cloud/self-hosted UniFi Network application for management. They are the modern equivalents of the old USG and USG-Pro.

This preview will cover the specs, my initial impressions, and where the UXG-Max fits in the increasingly crowded UniFi gateway lineup. Before we dig into those details, we’ll cover the information Ubiquiti provided. See my UXG-Lite Preview and full UXG-Lite Review for more background and context on UXGs as a whole.

From the Ubiquiti store page for the Gateway Max:

Compact, multi-WAN UniFi gateway with full 2.5 GbE support for high-performance networking at small-to-medium sites.
- Managed with a CloudKey, Official UniFi Hosting, or UniFi Network Server
- Up to 1.5 Gbps routing with IDS/IPS
- (1) 2.5 GbE WAN port
- (4) 2.5 GbE LAN ports, including (1) remappable to WAN
- USB-C powered (adapter included)
- Managed with UniFi Network 8.1.113 and later

UXG-Max Preview: Modern Multi-Gig

Gateway Max (UXG-Max) Specs

  • Name: Gateway Max

  • SKU: UXG-Max

  • US MSRP: $199

Mechanical and Physical

  • Dimensions: 141.8 x 127.6 x 30 mm (5.6 x 5 x 1.2")

  • Weight: 520 g (1.1 lb)

  • Enclosure materials: Polycarbonate

  • Resistance: IK04

  • Ambient operating temperature: -10 to 40° C (14 to 104° F)

  • Ambient operating humidity: 5 to 95% noncondensing

  • Certifications: CE, FCC, IC

  • LED: Ethernet, White: link/activity

  • Button: (1) Factory reset

Hardware and Power

  • Networking interfaces:

    • (1) 2.5 Gbps RJ45 WAN port

    • (4) 2.5 Gbps RJ45 LAN port — (1) remappable as 2nd WAN

  • Management interface: Ethernet, Bluetooth

  • Power method: USB type C (5V DC/3A)

  • Max. power consumption: 9.6W

  • Supported voltage range: 100–240V

  • Processor: Quad-core ARM A53 @ 1.5 GHz

  • SoC/Chipset: Qualcomm IPQ5322

  • Memory information: 2 GB DDR4

Gateway Features

Performance

  • WiFi QoS with UniFi APs

  • Application, domain, and country-based QoS

  • Application and device type identification

  • Internet quality and outage reporting

Next-generation security

  • Application-aware firewall rules

  • Signature-based IPS/IDS threat detection

  • Content, country, domain, and ad filtering

  • VLAN/subnet-based traffic segmentation

  • Full stateful firewall

Advanced networking

  • License-free SD-WAN* (Site Magic)

  • WireGuard, L2TP and OpenVPN server

  • OpenVPN client

  • OpenVPN and IPsec site-to-site VPN

  • One-click Teleport* and Identity Enterprise VPN**

  • Policy-based WAN and VPN routing

  • DHCP relay

  • Customizable DHCP server

  • IPv6 ISP support

*When paired with a Cloud Key or Official UniFi Hosting.
**When paired with a Cloud Key.

Gateway Choice Paralysis

When the UXG-Max was announced, I was happy to see a model between the UXG-Lite and UXG-Pro. There is a big gap between those. For some the UXG-Lite is too limited, but the Pro is too big, too much, and too expensive. The UXG-Max fits in the middle, and it addresses the biggest limitaitons of the UXG-Lite.

I’m always happy to see more devices with 2.5 Gbps ports, and more options for self-hosted or modular UniFi networks. Most people don’t seem to have the same opinion as me, though. Reading through various threads, comments, and discussions on the UXG-Max, one of the main themes was confusion, and occasionally anger.

I saw many variations of:

  • I’m confused, which gateway should I buy?

  • Why wasn’t this released with the UXG-Lite? I would have bought this instead!

  • 2.5 Gbps interfaces, but only 1.5 Gbps of IDS/IPS throughput?! 😮

Those are fair questions, and I’ll try to answer them. Unless you’re a nerd like I am and study these products, it is hard to know what hardware you need, or which model you should choose. Additional choices are good, but too many can lead to confusion. With UniFi gateways, we seem to be well into confusion territory.

Unfortunately, you can’t just discuss the UXG-Max in a vacuum. It isn’t a standalone device, and it is only one part of a UniFi network. It handles routing, VPN, and firewall functions, while other devices are needed to run the UniFi Network application or handle switching and wireless duties. If that isn’t clear enough, refer to my UniFi Gateways Explained as Simply as Possible post for a more complete explanation.

Before you consider the UXG-Max, you have to answer a few questions. Do you want to self-host? Do you have or want a Cloud Key? Do you want a gateway with a built-in controller? Do you care about UniFi Protect, Talk, Access, or Connect? Do you care about centralized management for multiple sites?

The hardest part of discussing the UXG-Max is that you can’t put that context aside and just focus on the specs. You have to keep it in mind when considering a purchase, or comparing the UXG-Max to alternative UniFi gateways. I tried building a UniFi Gateway decision tree for this article but I gave up. It’s hard, even for someone who knows these products well.

Years ago we had a simple choice: USG or USG-Pro. Now there are 11 additional models with overlapping uses and features. To start, I’m going to put the Cloud Gateways aside and focus on just the UXG Lite, Max, and Pro.

UXG-Lite vs. UXG-Max vs. UXG-Pro

What is the Gateway Max and where does it fit? The easy answer is between the Gateway Lite and Gateway Pro. It’s between those two in price and capability, but closer to the Lite. It’s a desktop enclosure, powered by USB-C, and small enough to fit on shelf or slide under your cable modem.

As the name implies though, the Max offers a few advantages. In a way, Max = Lite + 3 LAN + all interfaces upgraded to 2.5 Gbps + Dual-WAN + more CPU power and throughput. It’s a little bigger and a little more expensive, but it addresses the biggest limitations of the UXG-Lite.

This is the way I see these models and what they are meant for:

  • The Lite ($129) is for small networks with a single WAN below 1 Gbps.

  • The Max ($199) is for small to medium networks, or enthusiasts. It adds 2.5 Gbps RJ45, dual-WAN, more power, and more ports. It is a big step up from the Lite for $70 more.

  • The Pro ($499) is for medium to large networks, or those with a network rack. It offers 10 Gbps SFP+ WAN and LAN, up to 3.5 Gbps IDS/IPS, and the most power you can currently get on a standalone UniFi gateway.

As always, consider your current and future needs, the size of your network, your Internet connection speed, and what you’re going to be using the network for. You should also try to leave headroom for growth or changes if you can. If your needs or budget are low, the UXG-Lite may be enough. If you can spare the extra $70 for the UXG-Max, I think that would be money well spent.

Sometimes it helps to just see all of the specs in one view.

USG and UXG Comparison Chart

UXG-Max vs. Cloud Gateways

Stepping back and adding all of the Cloud Gateways makes things much less clear. To quickly review, from low to high in price:

  • Cloud Gateway Ultra (UCG-UItra) - $129

  • Express (UX) - $149

  • Dream Router (UDR) - $199

  • Dream Machine (UDM) - $299, but not listed in store

  • Dream Machine Pro (UDM-Pro) - $379

  • Dream Machine SE (UDM-SE) - $499

  • Dream Wall (UDW) - $999

The newest and cheapest options are the easiest to compare, so we’ll start there. They aren’t exactly the same, but if you squint both the UXG-Lite and UXG-Max have silbings, which make different tradeoffs.

Siblings: UXG-Lite and UX

The Gateway Lite and UniFi Express have similar hardware. They are the same size, with a low power, dual-core ARM-A53 base and two gigabit RJ45 ports. Neither of them support dual-WAN, and the Express doesn’t support IPS/IDS. These are the lowest power and lowest performance options.

They are different, though. The UXG-Lite is just a gateway for a self-hosted and Cloud Key network. The Express can be everything all-in-one: controller, gateway, and Wi-Fi AP. It can also be used as a normal wired or wireless mesh AP in any UniFi Network.

For $149, the Express can be everything you need for a very small and limited setup. You can only add up to 4 additional UniFi switches and APs to it. If you outgrow the Express, you can repurpose it as an access point. If you’re starting from scratch and planning to expand beyond 5 total devices, you might want to look elsewhere. If you want to start small though, the Express is a flexible and easy way to do that.

For $129, the Gateway Lite requires a CloudKey+ ($199), Official UniFi Hosting server ($29+/month), or a self-hosted installation of the UniFi Network software. It can handle gigabit speeds, but only has one WAN and one LAN port. You can use just one, or deploy them at multiple locations, and control them all centrally.

With a CloudKey+ you’ll have access to all the other UniFi Applications, and a few network features which require Ubiquiti hardware. For cloud or self-hosted networks, you can scale this setup to cover hundreds or thousands of devices over multiple sites. You can also swap out the UXG-Lite for a larger model if needed, without changing your controller.

Siblings: UXG-Max and UCG-Ultra

The Gateway Max and Cloud Gateway Ultra have similar hardware. Compared to the Lite and Express, these offer more CPU power, more interfaces, and higher limits. The UXG-Max offers full 2.5 Gbps connectivity for WAN and LAN. It is capable of 1.5 Gbps with IDS/IPS, or near line rate with it turned off. One of the four LAN ports can be remapped as a 2nd WAN, which isn’t possible on the UXG-Lite.

The Cloud Gateway Ultra can manage over 30 UniFi devices - significantly more than the Express. It’s comprimised in other ways though. It doesn’t have Wi-Fi built-in, and it’s slow internal backplane limits it to 1 Gbps of throughput, despite the 2.5 Gbps WAN port. It also doesn’t run all of the other UniFi applications, so you’d need a Cloud Key, NVR, or other hardware depending on which you want to use.

Of course, you can also consider a Dream Router, or a Dream Machine Pro, or… if you’re confused and overwhelmed, you’re not alone. Hopefully a spec comparison of all Cloud Gateway models, and all current gateways will help.

Cloud Gateway Comparison Charts

Comparison of All Current UniFi Gateways

In general, the biggest deciding factor between a UXG gateway and a Cloud Gateway is the controller. Do you want to have your controller built into your gateway, or on a separate device? There are advanatages and disadvantages to both.

Notes on Components

Both the Gateway Max and Cloud Gateway Ultra are built around the Qualcomm IPQ5322. The U7-Pro is built around the IPQ5332. In fact, most UniFi devices are built around a system-on-a-chip (SoC) from Qualcomm or MediaTek.

The IPQ5322 features many components, including a general-purpose CPU, PCIe and USB connections, and a 12-thread Network Processing Unit (NPU). The NPU offloads networking functions like routing and QoS from the CPU. Qualcomm leverages the NPU so that a faster (and more expensive) general-purpose CPU isn’t required.

While the four CPU cores within this SoC — ARM A53, clocked at 1.5 GHz — aren’t cutting-edge, this hardware isn’t old. The IPQ5322 is part of Qualcomm’s new Immersive Home 326 platform made for Wi-Fi 7 devices.

From Qualcomm’s product brief:

The Qualcomm Immersive Home 326 Platform’s specialized Packet Processing Engine offloads WAN networking and QoS traffic management, thereby freeing up powerful Quad-core Cortex-A53 Arm CPU compute to support differentiating services and applications, such as device management and control, content filters, and security features.

Powerful Quad-core CPU and specialized Packet Processing Engine provides powerful networking acceleration and QoS traffic management while offloading CPU

Dedicated Security Processing Engine ensures secure network transactions with embedded networking crypto engine, Secure Boot with root-of-trust transfer and TrustZone

Another concern I’ve seen is the 2 GB of RAM in the UXG-Max, vs. the 3 GB of RAM in the Cloud Gateway Ultra. I personally wouldn’t worry about that, since the UXG-Pro also has 2 GB, and the Cloud Gateway Ultra uses some of that extra RAM to run the UniFi Network Application. Routing and firewalling don’t require a ton of RAM.

Notes on UXG-Max… imum Throughput

The specs show up to 1.5 Gbps of IPS/IDS throughput, but how much should we expect when IDS/IPS is turned off? What is the maximum throughput of the UXG-Max?

To review, these are the advertised IDS/IPS throughput limits:

  • UX: IDS/IPS not supported

  • USG: 85 Mbps

  • USG-Pro: 250 Mbps

  • UDR: 300 Mbps

  • UXG-Lite and UCG-Ultra: 1 Gbps

  • UXG-Max: 1.5 Gbps

  • UXG-Pro, UDM-Pro, UDM-SE, and UDW: 3.5 Gbps

For the UXG-Max, according to some initial iPerf testing by arthurdent on the Community forums:

  • With DHCP, DPI, DNS Shield and Ad Blocker enabled = 2.1 to 2.3 Gbps

  • Adding IPS/IDS turned to high = 1.7 Gbps

  • Adding PPPoE = 1.4 to 1.6 Gbps

  • With PPPoE and IDS/IPS turned to high = 1.0 to 1.3 Gbps

Most features — DHCP, DPI/traffic inspection, DNS Shield for encrypted DNS, ad blocking, maybe some custom firewwall rules — can be enabled without significantly limiting throughput. PPPoE is still a significant drag on maximum throughput, as is enabling the Suricata intrusion detection and prevention “Suspicious Activity” settings. Without those, over 2 Gbps should be achievable, and multi-gigabit inter-VLAN traffic is possible as well.

Notes on Branding and Naming

I’m exhausted. Trying to explain any new UniFi product these days feels like an excercise in comparisons, contrasts, exceptions, and asterisks. Sometimes it feel like you need a cork board and some red yarn, but we all know that there is no Pepe Silvia.

I believe UniFi products themselves are not that confusing. They are easy to use. The hardware is good, the software is good, and their documentation is getting better. It’s just hard to talk about the products because the naming is inconsisent and can change over time.

Ubiquiti’s institutional love of Apple extends to their sometimes non-sensical marketing names. Why did UniFi OS Console become Cloud Gateway? Are the UXG models “next-generation” or current? Why is UXG-Max below UXG-Pro, doesn’t max stand for maximum? And what does “Ultra” mean, exactly? You can drive yourself mad trying to find answers to these questions, or you can focus on what matters.

The UXG-Max is the right gateway choice for those who:

  • Self-host the UniFi Network application or use a Cloud Key

  • Want 2.5 Gbps Ethernet and Dual-WAN

  • Don’t want or need 10 Gbps SFP+

If those don’t apply, consider the alternatives:

  • If you don’t want to self-host or use a Cloud Key — consider a Cloud Gateway

  • If you don’t want 2.5 Gbps Ethernet or dual-WAN — consider the UXG-Lite

  • If you want 10 Gbps SFP+ — consider the UXG-Pro and a full network rack installation

And some universal product purchasing advice — buy something if it is worth the price you pay for the benefits you get at the time of purchase. New and better things will always be coming. If you felt the UXG-Lite was worth $129 four months ago, but now you’re disappointed that this is available for only $70 more, I understand. I have a UXG-Lite sitting in a box right next to me as I type this. I have some other equipment too, but that’s a story for another time.

Unfortunately for those of us on the outside, we can’t read Ubiquiti’s mind. They control how they release information about current and upcoming products, and when everything happens. It would have been nice to know this was coming, but the UXG-Max is yet another gateway option. For some, it’s the right one. For now, at least.