USA
Catalog   /   Computing   /   Networking   /   Routers & Firewalls

Comparison Ubiquiti UniFi Security Gateway vs Ubiquiti EdgeRouter X

Add to comparison
Ubiquiti UniFi Security Gateway
Ubiquiti EdgeRouter X
Ubiquiti UniFi Security GatewayUbiquiti EdgeRouter X
Compare prices 2Compare prices 4
TOP sellers
Main
This model is equipped with advanced developments in the field of security system for reliable and confidential data transfer. The VoIP port in the router settings can be redefined as a WAN port.
Typerouterrouter
Mountdesktopdesktop
Ports
Connections
Ethernet
Ethernet
Gigabit Ethernet3 pcs5 pcs
Of which dedicated WANs1 pcs
Of which dedicated LAN1 pcs
Console port
Features
Control
SSH
 
Web interface
 
SSH
Telnet
Web interface
SNMP
Basic features
DHCP server
port forwarding
VPN
DDNS
DHCP server
port forwarding
VPN
DDNS
Security
Security
MAC address filtering
 
 
 
MAC address filtering
DoS protection
web content filtering
DMZ
PoE
PoE (input)passive
PoE (output)passive
General
PSUexternalexternal
Dimensions (WxDxH)135x135x28 mm110x22x75 mm
Weight360 g175 g
Added to E-Catalogaugust 2019september 2016

Gigabit Ethernet

The number of standard Gigabit Ethernet RJ-45 network connectors provided in the device design.

As the name suggests, these connectors provide data transfer rates up to 1 Gbps. Initially, Gigabit Ethernet was considered a professional standard, and even now the real needs for such speeds arise mainly when performing special tasks. Nevertheless, even relatively inexpensive computers are now equipped with gigabit network adapters, not to mention more advanced technology.

As for the number of connectors, it corresponds to the number of network devices that can be connected to the "switch" directly, without the use of additional equipment. At the same time, it is worth noting that in some "switches" individual connectors of this type are combined with optical SFP or SFP +. Such connectors are marked "combo" and are taken into account both when counting RJ-45 and when counting SFP / SFP +.

Of which dedicated WANs

The number of ports designated as WAN by the manufacturer. They are intended for wired connection of the device to the Internet or other external networks (to solve some specific problems).

Of which dedicated LAN

In this case, dedicated LANs mean directly marked network connectors designed for wired connection of LAN devices - PCs, servers, additional access points, etc. The number of ports corresponds to the number of devices that can be directly connected to the equipment by wire.

Console port

The presence of a console port in the router. This connector is used to control the device settings from a separate computer, which plays the role of a control panel — a console. The advantage of this format of operation is that access to the functions of the router does not depend on the state of the network; in addition, special utilities can be used on the console that provide more extensive capabilities than a regular web interface or network protocols (see "Management"). An RS-232 connector is often used as a console port, but in modern routers this role can also be played by a separate Ethernet input (not used for any other purpose).

Control

Management methods and protocols supported by the router.

SSH. Abbreviation for Secure Shell, i.e. "Safe shell". The SSH protocol provides a fairly high degree of security, because. encrypts all transmitted data, including passwords. Suitable for managing almost all major network protocols, but requires a special utility on the host computer.

Telnet. A network management protocol that provides configuration via a text-based command line. It does not use encryption and does not protect transmitted data, and is also devoid of a graphical interface, which is why in many areas it has been supplanted by more secure (SSH) or more convenient (web interface) options. However, it is still used in modern network equipment — in particular, as a means of managing FTP servers.

Web interface. This function allows you to open the router's management interface in a regular Internet browser. Thus, to access the settings, you do not need special software — just a regular computer or even a smartphone / tablet is enough (modern mobile browsers are close to desktop ones in terms of capabilities).

SNMP. Abbreviation for Simple Network Management Protocol, i.e. "simple network control protocol". It is a standard part of the common TCP/IP protocol on which both the Internet and many local networks are built. I...t uses two types of software — "managers" on control computers and "agents" on managed computers (in this case, on a router). The degree of security is relatively low, but SNMP can be used for simple management tasks.

Note that this list is not exhaustive — some routers have other, more specific management capabilities (such as the EEM event manager in Cisco devices).

Security

The security features provided by the device. Among the most common features of this kind are MAC address filtering, web content filtering, DoS protection, antivirus, antispam, and DMZ. Here is a more detailed description for each item:

— MAC address filtering. The ability to restrict network access for individual devices using data about their MAC addresses. Recall that the MAC address is a unique identifier assigned to each network device. And this function allows, for example, to open Internet access only for certain computers in the office, or to limit the connection to a closed corporate network for devices that are not on the “white list”.

— Protection against DoS attacks. A set of tools (software and sometimes hardware) to protect against DoS attacks. DoS (Denial Of Service — "denial of service") in a simplified form can be described as an attack on a computer system using a huge number of requests that the system cannot handle; as a result, access is difficult or impossible for ordinary users. Protection against such attacks can be carried out, in particular, by filtering suspicious requests or limiting the number of responses to requests per unit of time. However, the specific functionality and features of this protection should be specified s...eparately.

— Web content filtering. This function allows you to restrict or completely prohibit access of local computers to certain web resources. At the same time, filtering can be configured according to different criteria: by domain names, by categories (“adult” content, high traffic consumption, entertainment topics, etc.), by the type of content on the page (video, large images, certain scripts, etc.). n.) and others. Specific filtering features should be specified separately; however, anyway, this function allows you to set additional access rules. For example, it can be used to block access to non-work-related sites for employees in the office, or enable a parental filter on a home network.

— Antivirus. Antivirus — a tool for detecting and neutralizing malware — installed directly on the router. It is mainly used to analyze and filter network traffic, while many antiviruses are able to work in two directions — both for incoming and outgoing traffic. This allows not only to protect the network from outside attacks, but also to detect already infected local devices and prevent the distribution of confidential information, virus copies and other unwanted data. On the other hand, this feature increases the load on the router and can significantly slow down the connection speed. Therefore, it makes sense to use an antivirus on a router mainly in cases where individual devices on the network are poorly protected (or not protected at all), or if maximum protection is fundamentally important. It is also worth considering that the specific capabilities of the antivirus may be different, for each model they should be specified separately.

— Antispam. A built-in set of tools that allows you to analyze incoming mail traffic for spam and automatically filter these messages at the router level, preventing them from passing any further. This not only reduces the load on mail systems in the local network and facilitates mail filtering, but also has a positive effect on security: messages with malicious content simply do not reach the recipients. Note that when talking about antispam, they usually mean protection for classic email; for other communication methods (Viber, Telegram, etc.), such tools are not used for a number of reasons.

— DMZ. An abbreviation that stands for "demilitarized zone". By itself, this function allows you to create a segment in the local network that is open to external access; such a segment may host, for example, the company's Internet services. In its classic form, the DMZ is separated from the rest of the local network by a firewall, which provides the necessary security. At the same time, in some routers, this term may mean DMZ-host mode — a kind of "simplified version". When operating in this mode, the server open for external access is not separated from the local network, which simplifies setup, but reduces security; therefore, the DMZ host is found mainly among low-cost models designed for home use and small businesses.

PoE (input)

The standard for the PoE input provided in the device.

By itself, PoE (Power over Ethernet) technology makes it possible to transfer not only data over an Ethernet network cable, but also energy to power network devices. And the presence of a PoE input allows the router itself to receive power in a similar way. Note that there are special devices - the so-called PoE injectors - that allow you to add power to a regular network signal (that is, add PoE support to equipment that does not initially have such a function).

As for the PoE standards, they determine both the power supply and the main possibilities for coordinating the power source with the consumer - both must support the same standard, otherwise normal operation will be impossible. At the same time, formats that are marked like “802.3*” are called active; their common feature is that when a load is connected, the power source first “interrogates” it, checking whether the powered device complies with the requirements of the corresponding standard, and if so, what kind of power should be supplied to it. There is no such feature in the passive standard. And here is a more detailed description of specific options:

— 802.3at. A standard originally released back in 2009 and known as PoE +, or PoE type 2. The standard power received at this input is 25.5 W, with a voltage of 42.5 to 57 V and a pair power of up to 600 mA.

— 802.3af/at. This mar...king means that the PoE input supports both the 802.3at standard described above and the earlier 802.3af (PoE type 1). The second format is noticeably more modest in terms of capabilities: it provides power at the power input up to 13 W, input voltage 37 - 57 V and power in a pair of power wires up to 350 mA. Despite their "venerable age", many devices with 802.3af outputs are still in use today; so for the power input of the router, compatibility with this standard may not be superfluous. We only note that 802.3af covers as many as four so-called power classes (from 0 to 3), which differ in the specific number of watts at the output and input. So when connecting power from a device with this PoE standard, it does not hurt to further clarify compatibility by power class.

— Passive. The most simple and inexpensive standard, designed to be used mainly in entry-level equipment (since the implementation of active PoE standards is generally expensive). As mentioned above, the key difference from the formats described above is that the power supply supplies energy "as is" - with a strictly fixed voltage and power, without checking the characteristics of the load and without adjusting to it. This is what ensures low price and availability. On the other hand, when using a passive PoE input, care must be taken to ensure that the voltage and power of the power supply match the characteristics of the router; and such coordination can be quite difficult in light of the fact that the passive standard does not have strictly defined standards even for voltage, not to mention power. At the same time, the inconsistency leads to the fact that in the best case (if the output voltage / power is lower than tech required for the load), the power simply will not work, and in the worst case (with excess voltage / power), there is a high probability of overloads, overheating, and even breakdowns with fires - moreover such troubles may not occur immediately, but after a fairly considerable time. So you should pay attention to this option first of all in cases where simplicity and accessibility are more important than advanced power supply standards. At the same time, we note that some switches, which, in addition to the passive input, also have a passive PoE output, allow “cascade” connection - in the form of a serial chain of several devices powered by one external source (the main thing is that this source has enough power).

Separately, we emphasize that you should not try to connect an active power source to a passive input, and even more so vice versa. In the first case, the device simply will not pass the test that is carried out before power is applied, and the power will not turn on. And in the second case, serious failures and even accidents are possible: a passive power source supplies energy immediately, without checking the characteristics of the powered device, which creates the risk of overloads if the operating parameters do not match.

PoE (output)

The PoE output(s) standard used by the router.

By itself, PoE (Power over Ethernet) technology allows you to transfer not only data over an Ethernet network cable, but also energy to power network devices. And the presence of a PoE output (outputs) makes it possible to power such devices from the network connectors of the device. This eliminates the need to lay additional wires or use independent power sources, which is especially important for some equipment, such as external IP surveillance cameras. And when using the so-called splitters - devices that divide the PoE cable signal into purely network data and power power - using such outputs, you can also power equipment that does not initially support PoE (the main thing is that their power characteristics correspond to the capabilities of the switch).

As for PoE standards, they determine not just the overall power supply, but also compatibility with specific devices: the consumer must support the same standard as the router, otherwise normal operation will be impossible. Nowadays, including in the connectors of "switches", you can find two types of such standards - active (802.3af, 802.3at, 802.3bt) and passive (one, that's what it's called). The main difference between these varieties is that active PoE provides for matching the power source and load in terms of voltage and power, while passive PoE does not have such functions, and energy is supplied “as is”, witho...ut adjustments. And here is a more detailed description of specific standards:

— 802.3af. The oldest active PoE power format in use today. It provides power at the power output up to 15 W (at the input of the consumer - up to 13 W), output voltage 44 - 57 V (at the input - 37 - 57 V) and power in a pair of supply wires up to 350 mA. Despite the "venerable age", it still continues to be widely used; so there are still quite a lot of routers that work only with 802.3af on sale (as of the end of 2021). However, it is worth considering that this standard immediately covers 4 so-called power classes (from 0 to 3), which differ in the maximum number of watts at the output and input. So when using 802.3af, it doesn't hurt to make sure that the output power will be sufficient for the selected load.

— 802.3af/at. A combination of two standards at once - the 802.3af described above and the newer 802.3at. The latter allows you to supply power up to 30 W (up to 25.5 W at the input of the powered device), uses a voltage of 50 - 57 V (42.5 - 57 V at the input), while the power in a pair of wires does not exceed 600 mA. Such a combination is relatively inexpensive, while it makes it possible to power a wide variety of external devices; so at the end of 2021, it is this type of PoE outputs that is most popular in routers.

— 802.3af/at, bt. Combination of 802.3af/at above with 802.3bt (PoE++, PoE type 3 or type 4). 802.3bt is the newest PoE power format; unlike earlier ones, it uses not 2, but 4 power wires, which allows you to supply very solid power to external devices - up to 71 V (at 90 W at the power output). Such capabilities are indispensable when supplying power to equipment with increased consumption - for example, external surveillance cameras, supplemented by heating systems. On the other hand, support for the 802.3bt standard significantly affects the cost of the device, and such a connection puts forward special requirements for the quality of cables. In addition, you need to keep in mind that this standard also includes the UPoE format created by Cisco and used in its equipment; and this standard (it is known as PoE type 3) has a more modest power - up to 60 W at the output (up to 51 W at the consumer's input). Yes, and the general standard 802.3bt includes two power classes - class 8, at which maximum performance is achieved, and class 7, where 75 watts are supplied to the output, and about 62 watts reach the consumer. So if you plan to use 802.3bt equipment, when choosing a router from this category, you must make sure that the power supply is enough for the connected devices to work properly.

— Passive. As already mentioned, the key difference between passive PoE and the active standards described above is that in this case the power output produces a strictly fixed power, without any automatic adjustments and adjustments for a specific device. The main advantage of this standard is its low cost: its implementation is much cheaper than active PoE, so such ports can be found even in entry-level routers. On the other hand, the aforementioned lack of auto-tuning makes it much more difficult to coordinate the equipment with each other - especially in light of the fact that different devices can differ markedly in the output / consumption of voltage and power (power). Because of this, when using passive PoE, you need to pay special attention to the compatibility of the source and load in these parameters. If there is no match, then in the best case (if the output voltage / power is lower than required), the power simply will not work, and in the worst case (with excess voltage / power), there is a high probability of overloads, overheating, and even breakdowns with fires - and such troubles may not occur immediately, but after a fairly long time. And it is definitely impossible to connect devices with active inputs to passive PoE outputs - for the same reasons.

In conclusion, it should be said that if the router has both an input with PoE support and several outputs with this function, then all the possibilities of such outputs, as a rule, can only be realized when the switch itself is powered from the outlet, and not from the PoE input. See "PoE Outputs" for details.
Ubiquiti EdgeRouter X often compared