You are planning out your new home network, want those awesome Unifi access points, but which router should you add to it? Are you going for the Unifi USG to stay with the Unifi line, or is the faster and cheaper Edge router a better option?
If you search on Unifi USG vs EdgeRouter you will find two common answers; the EdgeRouter is difficult to configure and the USG is slower. Both are true, but there is more to it.
USG and EdgeRouter compared
So lets first start with the specifications and details of both products.
| 
|
|
| Edge Router X (ER-X) | Unifi Security Gateway (USG) | |
| Processor | Dual-Core 880 MHz | Dual-Core 500 MHz |
| Smart Queue Shaping Performance | min 100Mbit/s | max 60Mbit/s |
| Gigabit RJ45 ports | 5 | 3 |
| Price | Around $50 | Around $120 |
Both routers can support a connection with a speed up to 1gbit, but only with every feature turned off. So no DPI (Deep Packet Inspection), Smart Queue Shaping (QoS), VPN tunnels, or firewall rules.
When you start turning features like that on, the CPU is needed and your throughput will drop, resulting in the numbers showing in the table above. So the question is, do you need those features? If the answer is yes, then, in general, a faster CPU is better – Win for the EdgeRouter.
A fast WAN connection on your router is nice, but if you push your package with 1gbit up to the internet and your modem or ISP can’t handle it smoothly, you will get a high bufferbloat. Meaning that a lot of packages have to be re-sent, causing a higher latency (which you don’t want when you play games online or do a lot of video conferencing).
Configuration of an Unifi USG vs EdgeRouter
So on one side, we got the speed of the routers but the other big difference between the two is the interface. The big advantage of the USG is that you can manage it within in Unifi Controller. By adding a USG to your network you will get full network insight starting at your internet connection all the way through the client devices.
Configuring an Unifi USG
Managing an Unifi USG is really easy with the Unifi Controller. Within a few clicks, you can setup the WAN connection, enable SQM in the same screen for it and you are all set. If you already have some Unifi gear then you are probably already used to the Unifi Controller interface. If not, then don’t worry, the first run wizard will guide you through it nicely.
The EdgeRouter, on the other hand, comes with its own interface, just like any other router. But that doesn’t mean that it’s harder to setup. It comes with more, advanced, features and a couple of wizards that you can use to setup the router.
For normal home use, you can set everything through the web interface of the EdgeRouter. You won’t need to dive into the CLI (Command Line Interface). The only thing that you might come across in a home network is the need of a vLAN. They are a little bit harder to setup correctly in the Edge Router then in the Unfi Controller.
When should you buy the Unifi USG?
To be honest, that is a good question. Personally I always use the EdgeRouter, but more about that later. So I tried to come up with scenarios when you should buy the USG, and to be honest, they are pretty hard to find.
There are two real advantages of the USG that only work if you have an internet connection with a speed below the 100Mbit/s. Intrusion Prevention System (IPS) and site-to-site VPN. The fact that you get one dashboard is nice, but you won’t be looking at the dashboard all day. (you want fast and steady internet).
Intrusion Prevention System
In the USG you can enable IPS. IPS is an engine that identifies potentially malicious traffic based on signatures. The signatures contain known traffic patterns or instruction sequences used by malware.
This is a great addition to your network security but it comes at a cost. The throughput of your router will lower to around the 85Mbit/s when you enable IPS.
Site-to-Site VPN
Another feature that the USG blinks out in is the ability to setup a site-to-site VPN to another USG router with only a couple of clicks.
Now for a home network it’s not likely that you will use the site-to-site VPN option.
Price and interface
The Unifi USG cost around $120, an EdgeRouter X is around $50. So let’s assume your internet connection speed is below the 80Mbit/s. You will have to ask yourself if one nice looking dashboard and management console is worth the extra $70. You won’t get more performance for it, that is for sure.
The EdgeRouter X (SFP)
So why I am such a fan of the EdgeRouter X? Well, you get a lot of value for your money. The EdgeRouter X line is capable of handling internet connections up to 1Gbit/s (if you turn all the features, SQM, DPI, etc, off) for only $50.
To be clear, if you turn all the features (DPI, IPS, VPN, etc) off in the USG, then the USG is also capable of handling 1Gbit/s internet connections. Only the router is more than twice as expensive. With all features off you won’t gain anything from the USG compared to the EdgeRouter X (except a green checkmark in the Unifi Controller Dashboard).
But even with Smart Queue Management turned on is the router still capable of handling internet connections up to 250Mbit/s with a minimum of 100Mbit/s. SQM is one of the features you most likely are going to use in your network.
With SQM you can prevent bufferbloat, assuring a network connection with low latency.
Now the EdgeRouter can do a lot more than SQM alone, but for normal use, this is one of the most important options.
EdgeRouter X SFP
If you also have, or planning to get, some Unifi Access Points, then you probably want to go for the EdgeRouter X SFP. This version comes with 5 Ethernet ports that all support PoE (Power over Ethernet). This way you can connect and power up your Unifi Access Points without the need of a Power Adapter (eliminating the need for extra power sockets and extra UTP cables)
The price for the EdgeRouter X SFP is around $90, so it comes close to the Unifi USG. But keep in mind that it comes with more network ports then the USG (only 1 usable). So with the EdgeRouter X SFP you may not even need a switch for your home network.
Speedtest EdgeRouter X vs USG
I have done a couple of speed tests with the EdgeRouter X and the USG. The internet line that I tested it on is DSL 50mbit down and 20mbit up connection. The actual speed that I can reach on the line is around 57mbit down max and 28mbit up.
On the EdgeRouter, I have enabled SQM and have set it to 50Mbit/s down and 20Mbit/s up limit. With these settings, I don’t experience any bufferbloat and have a nice and steady internet connection. As you can see the upload is a bit limit to 15Mbit/s, the download is nice on target with almost 50Mbit/s:
After I connected the USG I made sure that Hardware Offloading was on. This way you should be able to get the maximum performance of the USG. By turning Hardware Offloading on, features like Thread Management and SQM won’t work.
As you can see in the results, I got a pretty high bufferbloat and the upload is just of the chart.
The USG has also the ability to set SQM on your WAN connection. Now, I have tried a lot of different settings, trying to get the best result with the USG. With, or without threat management, DPI on or off, playing with the up and download limits, but in all cases, with SQM turned on, I wasn’t able to get any higher download speed then 38Mbit/s.
Also, I couldn’t get a nice steady upload with the USG. The buffer bloat is gone, but I am not really happy with the results:
Conclusion
I hope this little comparison helpt you choose between the Unifi USG and the EdgeRouter. In this article, I didn’t go too deep into the technical differences because if you want to do advanced networking stuff, you should just simply go for the EdgeRouter.
I really like the full network insights that you get with the USG, the integration with the Unifi Controller is really nice, but it comes at a price. And from a pure network perspective is the EdgeRouter a far better choice.
In my experience, the usg is far better in terms of traffic (hw-offloding on). The edge router has a problem with UDP traffic, e.g. with VPN connections.
Best regards
Hey bud,
Just setup a USG, with a US-8-60W switch, and a UAP-AC-Pro wireless access point yesterday. I’m replacing an Edgerouter PoE-5, which I was previously using with the UAP-AC-Pro. I have the Unifi Controller setup on an RPi3.
Some things I noticed right away, since I’ve only been using this new setup with the USG for a a day now.
I’m getting the same internet speeds with the USG, that I was getting with the ERPoE-5. I have 75Mbps connection with 15Mbps uploads. I also have Threat Management enabled. See the screenshot below.
https://snipboard.io/YIqXm7.jpg
As you can see, the Speedtest shows I’m maxing out my connection speed.
I’ve also noticed that my streaming is much improved since switching to the USG. I’d get some lag while live streaming content using IPTV services before, but not anymore. I also stream to devices over wifi and ethernet.
I sure there have been other improvements, but overall my network seems much more stable since switching to the USG. I also used the ERPoE-5 for about 4-5 years. I know the CPUs between both devices are similar, but not sure what else in terms of specs.
Thank you for this comparison, almost bought USG with 4+4 PoE switch but now, since ubiqiti fancy features are not very important it looks like i can take ER-X-SFP or ER-6P (second one cost in my country same as USG + PoE switch).
Since I have 500/50 Mbit connection I need to decide which can handle this connection.
Both are able to handle the connection. Only keep in mind when you enable SQM, the ER-X can do only do ~ 150Mbit. The ER-6P has a faster CPU and more RAM and should be able to get a higher trough put with SQM enabled.
If Ubiquiti will send you a Dream Machine Pro for evaluation, also request a Unifi IP camera so you can test the integrated network video recorder 🙂
I agree with the conclusion of the article with respect to Unifi USG router vs EdgeRouter, however, in terms of getting the most value I think the Unifi Dream Machine Pro (sku: udm-pro) router ($379) offers more since it includes better hardware (quad cores) and all of the unifi controllers and applications are integrated into it (instead of having to buy the Unifi Cloud Key separately, sku: uck-g2-plus). The one thing it doesn’t offer is POE but the access points i use include power injectors (sku: uap-ac-hd-us) so that’s not an issue for me. If you do need POE the least expensive Unifi ethernet switch is $109 (sku: usw-lite-8-poe) and there are many other poe switch options as well. It would be great if you had the time to test and review the Unifi Dream Machine Pro router in the future.
I will try to get a Dream Machine so I can do a review about that one as well.
Awesome post! I enjoyed reading it. Could you please elaborate about edgerouter x and why I should buy the x spf? Thank you in advance !
The SPF comes with PoE ports, allowing you to connect Unifi Access Points to it without the need of additional power adapters.
I have the ER-X-SFP and have been using it for at least two years now, it’s excellent and I use the PoE adapters with two UniFi AP-AC-LR access points, it’s pretty seamless. I also use the SFP to connect to a D-Link DGS-1510-20 which I got for a very good price because it has 10G SFPs for connecting from my house to my workshop.
I keep feeling frustrated that the CloudKey/Unify Controller software doesn’t recognise the concept of EdgeRouter devices (although UNMS does but that doesn’t really like UniFi much).
The performance differences between the USG and ER-X make it sensible for me to stay with the ER-X (I have dual WAN >100Mbps) but from a network visibility point of view it’s annoying to have two systems that don’t talk. I appreciate they are two product lines but it doesn’t mean they can’t acknowledge the existence of each other!
Netgate does make a less expensive model, the sg-1100 for $179, which will work for internet connections of 500Mbps or less. All of their routers run the pfsense operating system which has both gui and cli for configuration. It’s still alot more relative to the $60 edgerouter, but for my clients an extra few hundred dollars is not a factor especially for a piece of hardware that will be used for five plus years. The main strength of the netgate routers (aside from the great hardware specs) is the pfsense operating system which is open source and a commerical grade operating system on par with cisco ios. If you had time, you could get a free old computer with dual nic’s and install the free pfsense operating system on it to create a free router then do a review comparing the $60 edgerouter vs the Free pfsense router. The only edgerouter i would use that has decent spec’s cost about $399 – i forget the exact model number. For someone only willing to spend $60, it seems that it would be better to not spend anything and just use the router provided by the internet service provider for Free (or build their own router for Free).
Have you written any reviews comparing the unifi edgerouter with the netgate sg-3100 router ? If not, I would like to know your thoughts on the netgate sg-3100 spec’s and performance.
No haven’t reviewer or used a Netgate router before. But I don’t think you can fully compare a sg-3100 with an EdgeRouter X for example. SG-3100 costs around $400 where and EdgeRouter costs $60 roughly. The specs of the sg-3100 looks better, but I have no idea how it performs.
I’ve got a couple of questions re the edge router. I’ve got an ER8 with behind that a UniFi Switch (24/250W) and AP’s. When I just setup the entire system, I could easily get close to the 500 Mbps connection I pay for, when I did a speedtest on my iPhone via WiFi. However, now it seems to get stuck at 100-150 download and 250 upload. Could that be just the appliances (Philips Hue, kitchen appliances, laundry machine, dryer etc.) in my house to take up part of the processing power somewhere in the router or is it more likely to be the throughput in my AP’s that limits this? When I perform the speedtest I am connected to a UniFi AP HD (5Ghz), according to UniFi the channel utilisation is 3% at 2G and 17% at 5G.
So I don’t think the AP is limiting the throughput. But it might be some settings in my Edgerouter. Is there a good tutorial on how to setup the edgerouter and its firewall? I want a safe network, but not 70% of the capacity I paid for being limited by some setting I missed.
Thanks for any help
Hi Hans,
A couple of things to check:
1. What is the speed when you connect a computer straight to EdgeRouter?
2. What is the speed when you connect a computer straight to the Unifi Switch?
3. If the speed of 2 is lower then 1, replace the cable between the router and switch (or test the computer with the cable from the switch)
4. Do you have SQM enable on the EdgeRouter? Because this will lower the throughput of the Edgerouter to the number you now have.
About settings up the EdgeRouter, did you read this article?
Unfortunately I have no computer with an ethernet port, so I am using a dockingstation (Dell WD19 130W, gigabit ethernet) + USB-C in between.
I have disconnected all connections on the Switch / EdgeRouter and have disabled all non-relevant vlan’s on the EdgeRouter.
All speedtests via speedtest.net and Tele2 server (much faster than KPN, my ISP).
1. 300mbps/down / 500 mbps/up (without switch)
2. 300mbps/down / 500 mbps/up (via switch)
I tried also some other scenario’s
3. Connect all access points and IoT devices and have them running idle. (So normal network state, without watching tv or downloading etc.) Then the wired speedtest (via switch) is 285 down / 500 up.
4. Disconnect all, but connect one accesspoint directly to ER (UniFi Flex HD (2G/1, 5G/42 (44+1)), block all other client connections, then my laptop generates 274 down / 487 up. If I do the same with my iPhone it yields: 290 down / 510 up.
4. Disconnect all, but connect one accesspoint directly to ER (UniFi AC-PRO (2G/1, 5G/42 (44+1)), block all other client connections, then my iPhone generates: 290 down / 460 up.
5. With all AP’s connected, but all other clients blocked, when I then connect to the UniFi Pro, it generates 265/440, so slightly lower, but not that much.
So it seems that the upload is not the issue: I think I have to accept WiFi signals are not constant and there is actually a lot going on on the network when all devices are connected that the upload speed drops significantly.
But it is still weird the download speed is not higher when I use a wired connection. And it is quite typical that it seems to be capped at 300 mb/s quite a round number for something like that.
When I look in the EdgeRouter configuration, I see two policies for ‘traffic-control / optimized-queue:
traffic-control {
optimized-queue {
policy global
policy queues
}
}
(I must be honest: I have no clue what these mean)
And I have nothing in Smart-queue.
When I disable Traffic Control, and redo above tests it is again 300/500 for the wired direct connection. So it doesn’t seem to make any difference.
Any ideas?
(NB: yes, I read the article)
it’s indeed strange, try turning on hardware offloading:
Config Tree–>System–>Offload–>HWNAT=enable.
It doesn’t let me do that:
Error: This platform integrates hardware NAT offload into forwarding offload. NAT offload is not individually configurable. Value validation failed
I tried the following:
offload {
ipv4 {
forwarding enable
pppoe enable
vlan enable
}
ipv6 {
forwarding enable
pppoe enable
}
}
And that seemed to be helping a lot: 455/600 Mbps.
I’ve asked KPN to set me up with an 1 Gbps connection so I can see whether all settings internally are setup to profit maximum from the available bandwith.
With the 1Gbps connection I get 900/675 Mbps with my laptop directly connected to the edgerouter. But I think I might be at the point where just the upload capabilities of my laptop are not up to higher speeds.
Thanks for the help. Think this is about what I should expect of the efficiency of the setup.
Hi Hans,
Great to hear that you solved it.
I am having a peculiar problem with the USG. I have a USG attached with 6 UAP AC pros.
All my devices gt connected and get the ip but My windows Lenovo laptop wifi adapter doesnot will not get the ip and resorts to 169.172 series instead of the 192.168.1…
The moment I change the USG to some home router(TP link, Tenda, Dlink), the lenovo will immediatley geet the IP and wil connect to the network-internet.
How do I solve the problem.?
I have tried giving the static IP in lenovo – it doesnot let me save that…
I am in a fix.
Check this article, some tips might help with this issue.
Thanks for the comparison. After prolonged indecision I’ve purchased the ER-X, and even a second ER-X to use as a switch.
Could the same level of network insight be achieved using the ER-X, ER-X (switch), airCube AC APs, all monitored by UNMS?