When I first got my Ubiquiti UXG-Lite gateway, I was excited to set it up and integrate it into my UniFi network. The device is powerful, minimalistic, and designed for professional-grade routing – but even the best hardware can run into trouble when firmware updates go wrong.

In this article, I’ll share my personal experience of how my brand-new UXG-Lite became completely unresponsive after a firmware update – and how I managed to bring it back to life using Recovery Mode. If you’ve accidentally “bricked” your UXG-Lite, this guide will help you recover it safely.

Introduction

I bought a new Ubiquiti UXG-Lite gateway and connected it for the first time. It successfully adopted on my self-hosted UniFi Network Application server running on a Raspberry Pi. I configured almost all of my network settings and was ready to finish the setup.

Then I saw a notification that a new firmware version was available. Great! I decided to upgrade immediately – a perfect way to wrap up my network day. However, after the router automatically rebooted, the nightmare began!!!

• The gateway refused to adopt. The UniFi interface kept showing messages like “Reset device to adopt”. After rebooting my switch, I completely lost network connectivity.
• Neither my UniFi switch nor my AP received IP addresses, and even my laptop couldn’t get an IP when directly connected to the LAN port of the UXG-Lite.
• To make things worse, the UniFi mobile app didn’t send any Bluetooth setup notifications, leaving me with no way to re-adopt the router.

I spent over two hours troubleshooting and chatting with Ubiquiti support – but without any working solution.

The reason of failure

The problem turned out to be related to the firmware update sequence. My device was updated directly from the factory firmware v3.1.15 to v4.3.2, skipping several intermediate versions. This large version jump caused the system to fail during initialization.

To resolve the issue, I had to downgrade the firmware from v4.3.2 to v4.1.13, which restored the gateway to working condition.

Prepare UXG-Lite and PC

There’s only one way to perform a firmware downgrade – by using Recovery Mode. The process is simple and takes just a few steps.

1. Download the firmware – Go to the official Ubiquiti website and download the firmware file you want to install. In my case, I downloaded version 4.1.13.
2. Configure your PC network settings – Set a static IP address in the 192.168.1.0/24 subnet. When I performed the recovery, I used 192.168.1.11.
3. Boot the UXG-Lite into Recovery Mode
   • Power off the UXG-Lite.
   • Using a toothpick or paperclip, press and hold the Reset button.
   • While holding the button, power on the router.
   • Keep holding for about 15 seconds, then release the button.
   • Connect your PC to the LAN port of the UXG-Lite.

Recovery process

In Recovery Mode, the gateway uses the reserved IP address 192.168.1.30. Open this address in a web browser – you should see the Recovery Mode interface.

This page displays system information and available recovery actions. In my case, it showed the current firmware version v4.3.2.33ac906. For safety, I checked the file system before proceeding.

Next, upload the firmware file you downloaded earlier.

The downgrade process will start automatically and usually takes about 2 minutes. Once it’s complete, you’ll see a confirmation message and the new firmware version displayed on the page.

Finally, click the Reboot button to restart your UXG-Lite.

Enjoy!

Conclussion

After the reboot, the gateway started working normally again – it was successfully adopted and became fully functional.

If your UXG-Lite becomes unresponsive after an update, don’t panic. Recovery Mode is your best friend. Just follow the steps above carefully, and you’ll bring your device back to life.

Firmware updates can occasionally fail, especially when jumping across major versions. To avoid this issue in the future, I recommend upgrading step-by-step through intermediate versions rather than directly to the newest release.

I have a Postfix mail server, and I regularly check its logs to identify junk IP addresses. On my UniFi Ubiquiti gateway, I created a blacklist to block this suspicious activity. For me, it’s a good idea to block unwanted IPs directly on the router, using its filtering power.

Over time, the list has grown to more than 200 IP addresses. When I tried to copy and paste this IP list from the UniFi web interface, I noticed that only the visible IPs were copied – all others, hidden by scrolling, were ignored. Since I didn’t want to manually copy the list six entries at a time, I decided to extract the IPs in another way.

New name and location of list

After upgrading the UniFi Network Application to version 9.5.21, the Network Objects were renamed to Network Lists.
The UI uses lazy loading, meaning only visible elements are loaded in the browser window. Therefore, when copying manually, I can only get the IPs that are currently displayed.

To view IP Network Lists in the UniFi Cloud Network Application or a self-hosted UniFi instance, do the following:

1. Open Settings
2. Click the Overview menu
3. Scroll down to find the Network Lists section

Where IP Network List located?

I know that the UniFi gateway runs on a Linux-based OS, which means it uses iptables and ipset to manage network rules.
The name of my Network List is Postfix Blacklist, which helps me locate the corresponding rule quickly. To find this list, I need to connect to the gateway via SSH.

Connect to gateway via SSH

Before connecting, I need to make sure that SSH access is enabled. For cloud-based gateways such as UCG Max, this option is found in:

Settings → Control Plane → Console tab

If SSH is disabled, enable it and set a password. Once it’s active, connect using the root account:

ssh [email protected]

Find the IP list

After connecting, I can list all ipset entries using the following command:

sudo ipset list

I found my blacklist under the section named:

UBIOS46894dcc581515d0a7d85e9ba

Example output:

Name: UBIOS46894dcc581515d0a7d85e9ba
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 6976
References: 1
Number of entries: 312
Members:
162.142.125.216
204.76.203.231
23.185.120.116
...
128.14.236.41
147.185.133.191
20.163.60.142

The corresponding configuration file is located at:

/data/udapi-config/udapi-net-cfg.json

Now I can manage this list directly from the console — copy, export, or edit the data as I need.

Conclussion

By exploring how UniFi gateways manage firewall and network lists internally, I found that it’s possible to bypass the visual limitation of the UniFi interface and access the complete blacklist directly from the system.

This approach is especially useful for administrators who regularly monitor and block spam or malicious IPs at the network level.
Managing lists through SSH provides more control, easier backup options, and the ability to automate updates – something that the web UI currently limits.

Blocking suspicious IPs directly at the gateway remains one of the most efficient ways to protect the network and reduce unwanted traffic to the mail server.

I recently had to go through the process of returning a router Ubiquiti UXG-Lite according to the program RMA due to hardware failure. This experience turned out to be interesting not only from a technical point of view, but also from the point of view of international logistics and warranty conditions. In this posts i detailed describe each stage.

What is an RMA?

RMA (Return Merchandise Authorization) is an official procedure for returning equipment to the manufacturer for diagnosis, repair or replacement. In other words, this is a kind of “permission to return”, which confirms that the manufacturer has recognized the device as defective and is ready to accept it back.

For Ubiquiti RMA is a key element of after sales service. If the user has hardware problems that cannot be solved by updating the firmware or changing the settings, the support service after analyzing the logs and tests can issue an authorization for RMA. Next, the device is sent to the manufacturer’s service center, where it is checked and, depending on the terms of the warranty and the nature of the breakdown, provided repair or replacement with a new copy.

Background and problem with the router

July 14, 2025 year I first encountered a problem – the internet is gone, while the indicators on the equipment lit up as usual. The ISP confirmed that the problem was not on their end, but within my network. After restarting the gateway, the situation is not improved. Only restarting the switch briefly restored communication, but then the problem recurred. I checked the cable connected between the gateway and the switch – it was good, which I confirmed with the RJ45 tester. I collected diagnostic support files from the equipment and handed them over to technical support Ubiquiti.

A few days later, another, more serious problem appeared: the UXG-Lite gateway began to overload periodically, while the use of processor resources reached 100%. IN logs errors appeared WHO- packages and notice of HLOS Panic [0x47]. I suspected it might be related to a known vulnerability CVE-2023-33063 in chipsets Qualcomm IPQ5018 (on which it is based UXG-Lite). This error causes memory corruption and system crash. I even asked support if there was a patch – they replied that the information was passed on to the developers for future updates.

July 27-29, 2025 year, the situation was repeated every day:

• The network worked for 12–24 hours
• Then the gateway suddenly lost the interface br0 (core bridge VLAN)
• Recovery was possible only after hard reboot

Based on the following symptoms, I received a final conclusion of support:

“Loss of interface br0 indicates an internal failure. This is a hardware issue that is unrelated to the software part and cannot be fixed by firmware.”

2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Link DOWN
2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Lost carrier

This means that the device’s primary network bridge occasionally just “fell off”what led to before disconnection. It’s official to me recommended to issue an RMA to replace the device.

Stages of the RMA process

Ubiquiti’s official RMA system shows six statuses through which the request goes. Of course, there are intermediate stages, such as sending the router and receiving it. Upon completion process I took a final screenshot and that’s it posts I will describe each stage in detail.

Sending a request

This is the first stage when I act as the initiator of the application. Of course, in order to submit a claim, there must be some proof that the device is faulty, such as a photo of the damage or a report from the support service with evidence in the form of logs. So I submitted an application with the following text:

Application approval

The next day, the application was approved without any comments. From the day the application is approved, the user has 30 days to send the device. I understood that my router was unstable, but I decided to continue analyzing the problem for another 10 days, working closely with support.

Sending the router to the Netherlands

After the application was approved, I was given the following recommendations for shipping and packing the router:

• Need to print packing slip and put it inside the box.
• Provide readability of the sticker with the MAC address on the device.
• No need to send original packaging or accessories.
• If it is part of a kit, it must be returned in its entirety (this is the rule for the AmpliFi Kit, but the UXG-Lite is a separate device).

I packed the router as recommended and sent it to of the Netherlands. I paid for international shipping 544 hryvnias, which is equivalent to $13. In the window Awaiting RMA Item I confirmed the shipment by clicking on the link “Mark as Sent“. After that, the status was updated to “Product Sent“.

Now it remains to wait for the device to be accepted, checked and will send I have a replacement.

Receipt of the router by the RMA

National Post of Ukraine – Ukrposhta delivered the package to the Netherlands quite quickly – in a week, but it was delayed at customs in the Netherlands. I decided to notify the RMA manager about this so that the company can resolve the customs issues and speed up the process of receiving the router. The router was still at customs for more than two weeks until it was cleared. It turned out that in the Netherlands, duty is charged on any product, so Ubiquiti paid an additional €33.63, which caused a delay in logistics.

• August 15 – Request for payment of shipment costs sent
• August 27 – Payment for shipment costs received

The total delivery time was 3 weeks.

Testing UXG-Lite

On the day of receipt of the router, RMA specialists tested it, which I received a message by mail. This message is usually sent with the receipt message.

Fulfillment

Literally in half an hour I received another message about changing the status to “Fulfillment”. Such a quick reaction is most likely due to the fact that the shipment is created electronically through the postal service.

Sending the router to me

When I already physically sent the router by mail to the Netherlands, I was told in support that RMA does not send devices to Ukraine on the way back, so they expect me to eat i hope another receiving address in the EU.

It’s good that I have the possibility to use the services of a remote warehouse in Poland, so I sent a new address that was transferred to the RMA service. According to this address, a shipment was created on the same day. Of course, this is the way Netherlands -> Poland -> Ukraine and longer in terms of time and more expensive in terms of finances, because the shipment will be at my expense.

• Dispatch Netherlands -> Poland was held by a logistics company FedEx by Ubiquiti and the deadline was only 2 days
• Dispatch Poland -> Ukraine was held by a Ukrainian logistics company Meest at my expense, I paid €7.5 and lasted 7 days

Receiving the device

I received a notification from the postal company Most that the package is already in the branch and can be picked up. I was surprised by the size of the box, which was twice the size of the original packaging. After opening the shipping box, I saw a new UXG-Lite router, but with a European revision.

An amazing moment with a guarantee

Official warranty for the UXG-Lite router – 1 year. At the time of my appeal the warranty period has long passed. However, after diagnosis, technical support is still available approved by RMA – obviously, given the nature of the malfunction and the confirmation that it is a non-standard operation of the device. After sending the router, I was not charged additional money, so I consider it free.

Another nuance – although the purchase was made through a website in the USA, I had to send the device not to America, but to the Netherlands. This is due to the fact that Ubiquiti has a European service center that serves customers from this region.

Conclusions

Even after the warranty expires Ubiquiti can approve an RMA if there is proof of a manufacturing defect and the device was purchased directly from the ubiquiti website. The process is clearly structured: from submitting an application to receiving a new device. Logistics can be international, even if the purchase is made in another country. The main thing is to save all evidence of the malfunction (logs, screenshots, description).

I bought a Ubiquiti EdgeRouter X router quite a while ago, sometime in November 2020. I chose this router solely because of its compactness and low price. During the first initialization, firmware v2.0.9 was installed there. From that moment on, only hotfixes were released to the firmware, without official stable releases. The last hotfix v2.0.9-hotfix.7 was announced in August 2023. Until today, I thought that the project was already closed, and the router would no longer be supported, which means not receiving firmware updates.

I subscribed to the Ubiquiti newsletter and one day received an email announcing a new firmware version for my router, which I wanted to part with! Indeed, the new firmware version 3 was a long-awaited update after a series of release candidate versions – finally released in the final stable version. I installed it, recording every step, to share with you a comparison of these two versions of EdgeRouter OS.

This article looks at the key innovations and improvements – and will be useful for those who plan to upgrade or are simply interested in the development of EdgeRouter. In this article, I made comparative screenshots first of the old version of EdgeRouter OS v.2.0.9-hotfix.7 and below the same page in the interface of the new updated EdgeRouter OS v.3

Main changes in EdgeRouter OS 3

• New web interface (GUI): completely redesigned design, new left menu instead of tabs, updated “ports widget” element in the top panel
• Dark Mode – dark theme for more comfortable work
• Full support for WireGuard VPN – configuration via GUI and CLI, with the ability to use in Site-to-Site VPN, VPN Server and VPN Client scenarios
• DHCPv6 now ignores advertisements without required fields or with missing statuses
• UISP integration: remote access to local GUI via UISP
• Adjusted system settings theme, added CPU and “hardware” status indication in the top panel, temperature warning
• Security improvements::
  • The firewall blocks all incoming traffic on eth1 by default.
  • File name validation when restoring the configuration.
  • WebSocket client IP logging — to detect brute-force attacks.
  • Better password strength checking.
  • SSH is disabled in the default configuration.

In other words, this is not only about design, but also about functionality.

Upgrade Process

When a new version of EdgeRouter OS is detected, the user will be informed in the top panel of the GUI with the inscription “Ready to upgrade“. After clicking this button, the status will change to “Upgrading“. This process will take about 3-5 minutes. During the system upgrade in the “Alerts” section, where the message will appear: “Upgrade to latest firmware version has started“.

In order for the update to take effect, the system recommends rebooting the router. If you ignore this action, the update will be applied the next time you reboot. Of course, all settings are saved during the update, as the difference between the versions is small.

After rebooting the router, the user will already enjoy the new interface and functionality of their router.

Login page

Compared to the old version, the design has become minimalistic and clearer. The single color scheme is more adapted for light and dark modes.

Dashboard

As you can see on the main page, the menu has been moved to the sidebar and is presented in the form of icons. The new visual interface is very similar to the Unifi OS interface. Users who have previously worked with Unifi OS will find similar features in this structure.

If you are attentive, you can see the uptime value, which was not in the old interface on the main page.

Traffic Analysis

I didn’t enable this feature on both the old and new firmware, as this option doesn’t matter much to me, but I’ll share a comparison of these versions. Overall, this functionality hasn’t changed much, except for the graphical layout of elements such as search. The links to enable traffic analysis have also become more obvious, as the blue color is more noticeable than the gray option.

Routing

As in the previous points, this window, apart from the design, has not changed its logic. All elements have remained in their places, but have become more visible due to the blue color.

Firewall/NAT

In this window, I will look at the Port Forwarding tab. In this menu, unlike the old compact design, the new interface looks wider, which does not allow all the necessary information to be placed on one screen, the user will have to scroll down to see the rules table.

Services

The screens have identical functionality, except for the design.

VPN

I don’t have VPN configured either, but the new interface has a WireGuard section. Of course, you could enable this section in the old firmware, but it’s nice that this feature was automatically activated in the new one. For the user, this is only an advantage, because you can connect the EdgeRouter to another WireGuard host to configure different types of VPN.

• Site-to-Site VPN – connecting to a WireGuard node and dynamically or statically routing traffic between nodes.
• VPN Server – allows remote WireGuard clients to connect to the EdgeRouter and access the local network.
• VPN Client – connecting to a VPN provider and routing traffic through the WireGuard VPN using policy-based routing.

QoS

I don’t have QoS configured either, so I’m only sharing the visual difference.

Users

Unlike most previous menus, the user menu has added a remote control function. That is, in the new version, the connection has been divided into local and remote. Now the user will not need to forward ports, thereby reducing the security of the connection.

Config Tree

In the configuration tree, in both the old and new versions, the menus that have been changed are highlighted in bold. There are no further changes in this section.

Wizard

In this menu, the main items are also highlighted in blue, for better focus on the submenus.

Conclusions

The EdgeRouter OS 3.0.0 firmware was mainly focused on changing the design, which is very similar to Unifi OS. The update is most valuable for those who use VPNs, want a better UI, or value security.

When I bought the Ubiquiti EdgeRouter X router, the first thing I did was test its speed via the speedtest.net website. The results disappointed me: the efficiency was only 40-50% of the declared characteristics. In this article, I will tell you how to optimize the operation of this router so that it works at 100%!

What is hardware offload?

Hardware offload is used to perform router functions at the level of specialized hardware modules, instead of processing them by the central processor. This allows you to significantly increase network performance and bandwidth.

Starting with the EdgeOS firmware version v1.9.1, all EdgeRouter models support some type of hardware offload. The latest firmware version available at the time of writing this article is v2.0.9-hotfix.7. This means that I can apply the recommendations to improve the speed of my router.

EdgeRouter X and Hardware Offload

My EdgeRouter X is built on a MediaTek chip that supports hardware acceleration for VLAN and NAT. This means that you can port these functions to the ASIC using the hwnat command. In addition, hardware offload also supports other tunneling functions such as GRE and PPPoE.

How to enable hardware offload?

To enable hardware offload, you need to use the command line interface (CLI) or the EdgeOS graphical interface:

Through the web interface

• Go to the Config Tree menu and in the Configuration block, scroll down and find the Offload parameter

• Opposite hwnat and ipsec, enter enable, to apply the changes, click the Preview button

• In the Commands to Commit window, click Apply to apply the changes

• You will see the message: The configuration has been applied successfully

Through the CLI

To open the terminal window, click the CLI button

You need to enter your login and password, and then enter the following commands in sequence

set system offload hwnat enable
commit
save

Check settings

Checking the result

After activating hardware offload, I recommend re-testing the Internet speed via speedtest.net or any other speed test service. In my case, the throughput increased to 90-95% of the declared by the provider, which significantly improved the stability and performance of the network.

Conclusion

If you have an EdgeRouter X and you have noticed poor network performance, enabling hardware offloading can significantly improve the speed of the device. This simple setting allows you to use the power of the router more efficiently and get the most out of your Internet connection. Don’t forget to update the firmware to the latest version to use all the optimization features!

Foreword

My first impressions are incredibly bright because it really is a powerful device with a modern interface, controls, an intuitive configuration tool!

Unboxing

Box in a minimalist design in beige cardboard. The size of the box has significantly increased to 175 x 160 x 80 mm. On the back of the box, on the lower left, there is a label pasted with information about the country of manufacture, the address and a hologram that the product is certified and authentic. As in the previous version, the box is opened by pulling on a special opening tab. After opening the box, as in the previous version, there is a bright blue qr-code in the center, which leads to the instructions for the first connection. That is, at the first stage

After turning this side of the box in the center, the router itself is flaunted in a matte factory film. Under the router, after removing the white tab, in the plastic section there is a 5V 3A charger, a short 15 cm patch cord, legs in the form of a sticker, and a very small paper instruction is inserted into the side pocket. I took a photo of each element separately and larger. Everything was placed compactly and competently, I liked it.

In order to understand the difference in size and number of ports, the location of elements, I decided to physically compare the two models UXG-Lite and UCG Ultra, see how incredible the difference is.

Settings and Speed test

After waiting for the router to fully load, which is about 2-3 minutes, I saw an animated recommendation to continue setting up on the display. The display displays information clearly and interactively, it’s just great!

When accessing the Internet, the setting takes place through the UniFi application via Bluetooth. I made the settings through a Samsung Android smartphone. After opening the application, literally in a few seconds a message appears that a new Cloud Gateway Ultra device has been found with an offer to continue the configuration. The first setup can take from 4 to 20 minutes, so it is better to have the smartphone charged.

Also, the speed is displayed on the display of the router itself

Since this security gateway already has a built-in UniFi controller, there is no need for separate local services or a hardware Cloud Key device.

If you have any questions, ask in the comments, I will be happy to share my experience in using this router!

Each device has both its advantages and disadvantages:

• If you have one ISP and there is limited space to install the gateway, and this gateway will always be behind a closed door of the distribution box, then Gateway Lite is the choice.
• If you need uninterrupted Internet, namely the ability to control two WAN ports, the device will be in an open place, then Cloud Gateway can be the choice.

Let’s now look at the basic comparison table of the main characteristics of these two Unifi security gateways

Features	UXG Lite	UCG-Ultra
Processor	Dual-core ARM® Cortex®-A53 at 1 GHz	Quad-core ARM® Cortex®-A53 at 1.5 GHz
Memory	1 GB DDR3L	3 GB DDR4
On-board storage	–	16 GB eMMC
Management	Ethernet Bluetooth 5.1	Ethernet Bluetooth
Networking	LAN: (1) GbE RJ45 port WAN: (1) GbE RJ45 port	LAN: (4) GbE RJ45 ports WAN: (1) 1/2.5 GbE RJ45 port
IDS/IPS throughput	–	1 Gbps
Power consumption	3.83W	6.2W
Display	LED	LCM 0.96″ status display
Dimensions	98 x 98 x 30 mm (3.9 x 3.9 x 1.2″)	141.8 x 127.6 x 30 mm (5.6 x 5 x 1.2″)
Weight	320 g (11.3 oz)	520 g (1.1 lb)
Enclosure material	Polycarbonate	Polycarbonate
Power	USB type C (5V/3A)	USB type C (5V DC/3A)
Performance	WiFi QoS with UniFi APs Application, domain, and country-based QoS Application and device type identification Additional internet failover with LTE Backup Internet quality and outage reporting	WiFi QoS with UniFi APs Application, domain, and country-based QoS Application and device type identification Additional internet failover with LTE Backup Internet quality and outage reporting Redundant WAN with failover and load balancing
Next-generation security	Application-aware firewall rules Signature-based IPS/IDS threat detection Content, country, domain, and ad filtering VLAN/subnet-based traffic segmentation Full stateful firewall	Application-aware firewall rules Signature-based IPS/IDS threat detection Content, country, domain, and ad filtering VLAN/subnet-based traffic segmentation Full stateful firewall
Advanced networking	License-free SD-WAN* WireGuard, L2TP and OpenVPN server OpenVPN client OpenVPN and IPsec site-to-site VPN One-click Teleport* and Identity Enterprise VPN** Policy-based WAN and VPN routing DHCP relay Customizable DHCP server IPv6 ISP support	License-free SD-WAN WireGuard, L2TP and OpenVPN server OpenVPN client OpenVPN and IPsec site-to-site VPN One-click Teleport and Identity VPN Policy-based WAN and VPN routing DHCP relay Customizable DHCP server IGMP proxy IPv6 ISP support
Application Requirements	UniFi Network Version 8.0.7 and later	Mobile app UniFi iOS: Version 10.12.0 and later UniFi Android: Version 10.11.2 and later

In this case, the main advantage of UCG-Ultra over UXG Lite is the presence of a large number of ports, namely the possibility of configuring one LAN port in the WAN, which allows you to connect a second provider. This is very useful when used in a small office. The second advantage is the built-in management controller, which makes it possible to forget about an external server or CloudKey.

If you find additional differences, then join the discussion in the comments.

Introduction

On November 20, 2023, a compact and powerful UniFi gateway with a full set of advanced routing and security features was announced. Thanks to its small size and modern features, this UXG-Lite router immediately became desirable. Since I already use other Ubiquiti networking products such as the U6 Lite access point and the USW Lite 8 PoE 8-port switch, it would be logical to add another security gateway to the existing Ubiquiti ecosystem.

I managed to order UXG-Lite only on December 18, 2023 through the official online store store.ui.com. After 10 days, I received it in Ukraine.

Features

Since this router is modern, of course it has quite powerful characteristics:

• Processor Dual-core ARM® Cortex®-A53 at 1 GHz
• Memory 1 GB DDR3L
• Control interface Ethernet and Bluetooth 5.1
• LAN network interface: (1) RJ45 GbE port
• WAN Network Interface: (1) RJ45 GbE port
• Power supply USB type C (5 V/3 A)
• Power consumption 3.83 W
• Dimensions 98 x 98 x 30 mm (3.9 x 3.9 x 1.2 inches)
• Weight 320g (11.3oz)

Of course, these are the main and main characteristics that are needed when choosing a device, this router also supports the following functions:

Performance

• WiFi QoS with UniFi APs
• Application, domain, and country-based QoS
• Application and device type identification
• Additional internet failover with LTE Backup
• Internet quality and outage reporting

Next-generation security

• Application-aware firewall rules
• Signature-based IPS/IDS threat detection
• Content, country, domain, and ad filtering
• VLAN/subnet-based traffic segmentation
• Full stateful firewall

Advanced networking

• License-free SD-WAN*
• WireGuard, L2TP and OpenVPN server
• OpenVPN client
• OpenVPN and IPsec site-to-site VPN
• One-click Teleport* and Identity Enterprise VPN**
• Policy-based WAN and VPN routing
• DHCP relay
• Customizable DHCP server
• IPv6 ISP support

There is a feature – this router can be controlled ONLY through the self hosted UniFi controller or through the CloudKey device. If you decide to use a UniFi controller, its version must not be lower than 8.0.7!

Unboxing

Since it was an international shipment, the parcel was tightly packed in a soft transport bag. The box looks pretty sturdy. The router is schematically displayed in white on the front. On the reverse side, the router connection diagram is displayed on top, and information about the device itself with a hologram, which confirms the originality of the product, is displayed on the bottom. In my case, the UXG-Lite is produced in Vietnam and tested on November 29, 2023, which indicates that the model is fresh.

The box opens by pulling the cardboard element. On the inner lid of the box is a bright blue QR code with a link to the electronic manual, with instructions for the first connection.

In the box, the router is placed in the center and protected by a plastic form. UXG-Lite is white in color and has a matte surface, so that dirt does not get into it, it is wrapped in a protective film.

Under the plastic form is the power supply unit. The power supply itself meets the requirements of Quick Charge 3.0, namely 5V 3A or 9V 1.6A. The power supply cable is not removable. Since I ordered this security gateway in the USA, the connector is also adapted to US sockets.

At the bottom of the box, the manual is firmly glued, hinting that you are using the electronic manual. Also, it is still in an additional film, which creates a repeated obstacle to familiarization. In addition to the instructions, there are warranty and safety conditions.

Connection

UXG-Lite has a very compact size, which makes it possible to place it in the installation box of the house. The case is minimalist, only four elements:

• Reset button
• Type-C power connector
• RJ-45 for local network
• RJ-45 for Internet access

After physically connecting all the connectors, I tried to add the UXG-Lite to the existing UniFi controller, but the phone could not establish a connection via Bluetooth.

I decided to set up via a wired connection to a computer running Windows 10. To begin with, I needed to determine the IP address that the router gave me via DHCP. In the properties it was indicated:

192.168.1.1 - gateway
192.168.1.28 - IP address of the PC

After going to the specified address in the browser, I got to the page of the router setup wizard. The master immediately proceeded to diagnosing the presence of the Internet and informed me that there was no access to the Internet. This is a result of my ISP using device MAC address provisioning. After changing the MAC address and re-diagnosis, the router gained access and I went to the main settings:

1. Choosing a security gateway name (I left UXG-Lite unchanged)
2. Login to the UI account by entering a login, password and two-factor authentication code
3. Selecting an existing UniFi controller

And then at the third stage there was a conflict again, because the UniFi controller was installed on a device that had an address in a different local subnet, so I had to go back a step and change the subnet to the one I used before

192.168.99.1

After rebooting the router, all devices in the local network received new IP addresses in the new range, and of course the Raspberry Pi, on which the UniFi controller is installed, also received a new address! Using Ubiquiti’s WifiMan Android app, I determined that the Raspberry Pi had received a different address

192.168.99.218

At the stage of selecting the UniFi controller, I selected the “connect manually” option, where I changed the IP address to a new one. After a few minutes, the UXG-Lite registered with the UniFi controller for further settings.

Thus, the first initialization and basic setup can be considered a success!

Features Overview

When you log in, the main screen of the UniFi controller displays general information about traffic, clients, Wi-Fi and other activity. In this article, I will not describe the UniFi controller interface, but I will note which new sections or functions have become active with the appearance of the new gateway.

On the main page, in the right column, information about the IP address, provider, uptime of the device and access to the Internet began to be displayed. The value of service feedback has also appeared to determine the quality of Internet services.

Gateway – This section became active with UXG-Lite. The gateway has three tabs:

• traffic
• filtering
• geo-blocking

In these sections, you can very flexibly block or allow traffic for certain devices, services, devices, and even for the IP address belonging to a certain country.

Customization Features – In the customization section, many sections have also become active, namely:

• Internet
• VPN
• Security
• Routing

All sections are organized into logical blocks, which allows you to intuitively understand which settings need to be made to achieve a certain result.

If you have any questions, I invite you to discuss them in the comments!

I recommend that you watch the video version of the UXG-Lite security gateway review, which is available with Ukrainian voice acting. If you prefer to read, I have prepared a text description for you as well.

I was interested in the UCG Ultra router because of its advantages over the UXG Lite, namely:

• Ability to use 2 WAN ports with balancing
• Management with UniFi Site Manager, eliminating the need to purchase a CloudKey
• Additional LAN ports
• Compact size

I managed to order it on the first day of release!

I hope to receive it in two weeks and will be happy to review it and compare it to the UXG Lite!