UniFi – Ostrich blog (https://ostrich.kyiv.ua), feed generated Mon, 20 Oct 2025 20:57:44 +0000

How to recover a bricked UXG-Lite gateway
https://ostrich.kyiv.ua/en/2025/10/20/how-to-recovery-bricked-uxg-lite-gateway/
Mon, 20 Oct 2025 20:57:41 +0000

When I first got my Ubiquiti UXG-Lite gateway, I was excited to set it up and integrate it into my UniFi network. The device is powerful, minimalistic, and designed for professional-grade routing – but even the best hardware can run into trouble when firmware updates go wrong.

In this article, I’ll share my personal experience of how my brand-new UXG-Lite became completely unresponsive after a firmware update – and how I managed to bring it back to life using Recovery Mode. If you’ve accidentally “bricked” your UXG-Lite, this guide will help you recover it safely.

Introduction

I bought a new Ubiquiti UXG-Lite gateway and connected it for the first time. It successfully adopted on my self-hosted UniFi Network Application server running on a Raspberry Pi. I configured almost all of my network settings and was ready to finish the setup.

Then I saw a notification that a new firmware version was available. Great! I decided to upgrade immediately – a perfect way to wrap up my network day. However, after the router automatically rebooted, the nightmare began!!!

  • The gateway refused to adopt. The UniFi interface kept showing messages like “Reset device to adopt”. After rebooting my switch, I completely lost network connectivity.
  • Neither my UniFi switch nor my AP received IP addresses, and even my laptop couldn’t get an IP when directly connected to the LAN port of the UXG-Lite.
  • To make things worse, the UniFi mobile app didn’t send any Bluetooth setup notifications, leaving me with no way to re-adopt the router.

I spent over two hours troubleshooting and chatting with Ubiquiti support – but without any working solution.

The reason for the failure

The problem turned out to be related to the firmware update sequence. My device was updated directly from the factory firmware v3.1.15 to v4.3.2, skipping several intermediate versions. This large version jump caused the system to fail during initialization.

To resolve the issue, I had to downgrade the firmware from v4.3.2 to v4.1.13, which restored the gateway to working condition.

Prepare UXG-Lite and PC

There’s only one way to perform a firmware downgrade – by using Recovery Mode. The process is simple and takes just a few steps.

  1. Download the firmware – Go to the official Ubiquiti website and download the firmware file you want to install. In my case, I downloaded version 4.1.13.
  2. Configure your PC network settings – Set a static IP address in the 192.168.1.0/24 subnet. When I performed the recovery, I used 192.168.1.11.
  3. Boot the UXG-Lite into Recovery Mode
    • Power off the UXG-Lite.
    • Using a toothpick or paperclip, press and hold the Reset button.
    • While holding the button, power on the router.
    • Keep holding for about 15 seconds, then release the button.
    • Connect your PC to the LAN port of the UXG-Lite.

Recovery process

In Recovery Mode, the gateway uses the reserved IP address 192.168.1.30. Open this address in a web browser – you should see the Recovery Mode interface.

This page displays system information and available recovery actions. In my case, it showed the current firmware version v4.3.2.33ac906. For safety, I checked the file system before proceeding.

Next, upload the firmware file you downloaded earlier.

The downgrade process will start automatically and usually takes about 2 minutes. Once it’s complete, you’ll see a confirmation message and the new firmware version displayed on the page.

Finally, click the Reboot button to restart your UXG-Lite.

Enjoy!

Conclusion

After the reboot, the gateway started working normally again – it was successfully adopted and became fully functional.

If your UXG-Lite becomes unresponsive after an update, don’t panic. Recovery Mode is your best friend. Just follow the steps above carefully, and you’ll bring your device back to life.

Firmware updates can occasionally fail, especially when jumping across major versions. To avoid this issue in the future, I recommend upgrading step-by-step through intermediate versions rather than directly to the newest release.
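The recommendation above (upgrade through the intermediate versions instead of jumping straight to the newest release) can be turned into a small planner. The block below is an added example, not code from the original post or from Ubiquiti; the release list it uses is constructed for illustration and is not the real UXG-Lite release history (the post itself only mentions v3.1.15, v4.1.13 and v4.3.2). It parses version strings such as the `v4.3.2.33ac906` shown on the recovery page, then picks the latest patch of every major.minor line between the current and target versions so that no line is skipped.

```python
"""Plan a step-by-step firmware upgrade path through intermediate minor
versions instead of jumping directly to the newest release."""
from itertools import groupby

# Constructed release list for illustration only (NOT the real UXG-Lite
# release history); the post itself mentions only v3.1.15, v4.1.13 and v4.3.2.
RELEASES = ["3.1.15", "3.2.7", "3.2.12", "4.0.6", "4.0.21",
            "4.1.13", "4.2.23", "4.3.2"]


def parse_version(text):
    """Turn 'v4.3.2' or 'v4.3.2.33ac906' into the tuple (4, 3, 2).

    Only major.minor.patch are compared; a trailing build hash is ignored.
    """
    parts = text.strip().lstrip("v").split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return tuple(int(p) for p in parts[:3])


def format_version(v):
    return "v" + ".".join(str(n) for n in v)


def plan_upgrade_path(current, target, releases=RELEASES):
    """Return the firmware versions to install, in order, so that no
    major.minor line between current and target is skipped.

    For every intermediate line the latest available patch is chosen, and
    the path always ends exactly at the requested target. A target that is
    not newer than the current version yields an empty path: going backwards
    is a downgrade, which the post performs through Recovery Mode instead.
    """
    cur, tgt = parse_version(current), parse_version(target)
    if tgt <= cur:
        return []
    available = sorted({parse_version(r) for r in releases} | {tgt})
    between = [v for v in available if cur < v <= tgt]
    # groupby works here because 'between' is sorted, so each major.minor
    # line is contiguous; max() picks its latest patch (capped at target).
    path = [max(group) for _line, group in groupby(between, key=lambda v: v[:2])]
    return [format_version(v) for v in path]


if __name__ == "__main__":
    # From the factory firmware to the version that bricked the gateway:
    print(plan_upgrade_path("v3.1.15", "v4.3.2"))
```

With the constructed list, going from v3.1.15 to v4.3.2 yields five steps (v3.2.12, v4.0.21, v4.1.13, v4.2.23, v4.3.2) rather than the single jump that failed; replace `RELEASES` with the versions actually published for your device.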

Finding the IP Network List on a UniFi Gateway via SSH
https://ostrich.kyiv.ua/en/2025/10/20/finding-the-ip-network-list-on-a-unifi-gateway-via-ssh/
Mon, 20 Oct 2025 19:05:43 +0000

I have a Postfix mail server, and I regularly check its logs to identify junk IP addresses. On my UniFi Ubiquiti gateway, I created a blacklist to block this suspicious activity. For me, it’s a good idea to block unwanted IPs directly on the router, using its filtering power.

Over time, the list has grown to more than 200 IP addresses. When I tried to copy and paste this IP list from the UniFi web interface, I noticed that only the visible IPs were copied – all others, hidden by scrolling, were ignored. Since I didn’t want to manually copy the list six entries at a time, I decided to extract the IPs in another way.

New name and location of the list

After upgrading the UniFi Network Application to version 9.5.21, the Network Objects were renamed to Network Lists.
The UI uses lazy loading, meaning only visible elements are loaded in the browser window. Therefore, when copying manually, I can only get the IPs that are currently displayed.

To view IP Network Lists in the UniFi Cloud Network Application or a self-hosted UniFi instance, do the following:

  1. Open Settings
  2. Click the Overview menu
  3. Scroll down to find the Network Lists section

Where is the IP Network List located?

I know that the UniFi gateway runs on a Linux-based OS, which means it uses iptables and ipset to manage network rules.
The name of my Network List is Postfix Blacklist, which helps me locate the corresponding rule quickly. To find this list, I need to connect to the gateway via SSH.

Connect to gateway via SSH

Before connecting, I need to make sure that SSH access is enabled. For cloud-based gateways such as UCG Max, this option is found in:

Settings → Control Plane → Console tab

If SSH is disabled, enable it and set a password. Once it’s active, connect using the root account:

ssh root@<gateway-ip>

Find the IP list

After connecting, I can list all ipset entries using the following command:

sudo ipset list

I found my blacklist under the section named:

UBIOS46894dcc581515d0a7d85e9ba

Example output:

Name: UBIOS46894dcc581515d0a7d85e9ba
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 6976
References: 1
Number of entries: 312
Members:
162.142.125.216
204.76.203.231
23.185.120.116
...
128.14.236.41
147.185.133.191
20.163.60.142

The corresponding configuration file is located at:

/data/udapi-config/udapi-net-cfg.json

Now I can manage this list directly from the console — copy, export, or edit the data as I need.
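Copying the members out of `ipset list` by hand is fine for one set, but a parser makes the "copy, export, or edit" step repeatable and lets you check the live set against the list you intended to configure. The block below is an added example, not code from the post or from Ubiquiti. The sample output is constructed in the `ipset list` format shown above (the set name and the six addresses are the ones quoted in the post; the second set is a placeholder); run it against real output with `ipset list | python3 thisfile.py`.

```python
"""Parse the text output of `ipset list` into per-set headers and members,
locate the set that matches an address, and diff a set against a desired
member list (useful for backups and automated updates)."""
import ipaddress
import sys

# Constructed sample in the `ipset list` format. The first set name and its
# addresses are the ones quoted in the post; the second set is a placeholder.
SAMPLE_OUTPUT = """\
Name: UBIOS46894dcc581515d0a7d85e9ba
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 6976
References: 1
Number of entries: 6
Members:
162.142.125.216
204.76.203.231
23.185.120.116
128.14.236.41
147.185.133.191
20.163.60.142

Name: UBIOSexampleotherset
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 320
References: 1
Number of entries: 1
Members:
198.51.100.0/24
"""


def parse_ipset_list(text):
    """Return {set_name: {"header": {...}, "members": [ip_network, ...]}}."""
    sets, name, in_members = {}, None, False
    for line in text.splitlines():
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
            sets[name] = {"header": {}, "members": []}
            in_members = False
        elif line.strip() == "":
            in_members = False          # blank line ends a set's member list
        elif line.startswith("Members:"):
            in_members = True
        elif in_members:
            # hosts become /32 networks, so hosts and subnets compare alike
            sets[name]["members"].append(ipaddress.ip_network(line.strip(), strict=False))
        elif name is not None and ":" in line:
            key, value = line.split(":", 1)
            sets[name]["header"][key.strip()] = value.strip()
    return sets


def _fmt(nets):
    """Numerically sorted strings; plain hosts are shown without '/32'."""
    return [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
            for n in sorted(nets)]


def export_members(sets, name):
    return _fmt(sets[name]["members"])


def find_sets_containing(sets, address):
    """Names of the sets whose members cover the address (maps a UI list,
    which you only know by its contents, to its UBIOS... set name)."""
    ip = ipaddress.ip_address(address)
    return [n for n, s in sets.items() if any(ip in net for net in s["members"])]


def diff_members(sets, name, desired):
    """(missing_from_set, extra_in_set) compared with the intended list."""
    live = set(sets[name]["members"])
    want = {ipaddress.ip_network(d, strict=False) for d in desired}
    return _fmt(want - live), _fmt(live - want)


def check_entry_counts(sets):
    """Sets whose 'Number of entries' header disagrees with the parsed members."""
    return [n for n, s in sets.items()
            if int(s["header"].get("Number of entries", -1)) != len(s["members"])]


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    parsed = parse_ipset_list(text)
    for set_name in parsed:
        print(set_name, export_members(parsed, set_name))
```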

Conclusion

By exploring how UniFi gateways manage firewall and network lists internally, I found that it’s possible to bypass the visual limitation of the UniFi interface and access the complete blacklist directly from the system.

This approach is especially useful for administrators who regularly monitor and block spam or malicious IPs at the network level.
Managing lists through SSH provides more control, easier backup options, and the ability to automate updates – something that the web UI currently limits.

Blocking suspicious IPs directly at the gateway remains one of the most efficient ways to protect the network and reduce unwanted traffic to the mail server.

Ubiquiti replacement under the RMA program
https://ostrich.kyiv.ua/en/2025/09/09/ubiquiti-replacement-under-the-rma-program/
Tue, 09 Sep 2025 18:13:28 +0000

I recently had to go through the process of returning a Ubiquiti UXG-Lite router under the RMA program due to a hardware failure. This experience turned out to be interesting not only from a technical point of view, but also from the point of view of international logistics and warranty conditions. In this post I describe each stage in detail.

What is an RMA?

RMA (Return Merchandise Authorization) is an official procedure for returning equipment to the manufacturer for diagnosis, repair or replacement. In other words, this is a kind of “permission to return”, which confirms that the manufacturer has recognized the device as defective and is ready to accept it back.

For Ubiquiti, RMA is a key element of after-sales service. If the user has hardware problems that cannot be solved by updating the firmware or changing the settings, the support service, after analyzing the logs and tests, can issue an RMA authorization. The device is then sent to the manufacturer’s service center, where it is checked and, depending on the terms of the warranty and the nature of the breakdown, repaired or replaced with a new unit.

Background and problem with the router

On July 14, 2025, I first encountered a problem: the internet was gone, while the indicators on the equipment lit up as usual. The ISP confirmed that the problem was not on their end, but within my network. After restarting the gateway, the situation did not improve. Only restarting the switch briefly restored connectivity, but then the problem recurred. I checked the cable between the gateway and the switch; it was good, which I confirmed with an RJ45 tester. I collected diagnostic support files from the equipment and handed them over to Ubiquiti technical support.

A few days later, another, more serious problem appeared: the UXG-Lite gateway began to reboot periodically, while processor usage reached 100%. Errors related to WHO- packets appeared in the logs, along with HLOS Panic [0x47] notices. I suspected it might be related to the known vulnerability CVE-2023-33063 in Qualcomm IPQ5018 chipsets (on which the UXG-Lite is based). This error causes memory corruption and a system crash. I even asked support if there was a patch; they replied that the information had been passed on to the developers for future updates.

On July 27–29, 2025, the situation repeated every day:

  • The network worked for 12–24 hours
  • Then the gateway suddenly lost the br0 interface (the core VLAN bridge)
  • Recovery was possible only after a hard reboot

Based on these symptoms, I received the final conclusion from support:

“Loss of interface br0 indicates an internal failure. This is a hardware issue that is unrelated to the software part and cannot be fixed by firmware.”

2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Link DOWN
2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Lost carrier

This means that the device’s primary network bridge occasionally just “fell off”, which led to the disconnections. I was officially recommended to file an RMA to replace the device.

Stages of the RMA process

Ubiquiti’s official RMA system shows six statuses through which the request passes. Of course, there are intermediate stages, such as sending the router and receiving it. Upon completion of the process I took a final screenshot, and in this post I will describe each stage in detail.

Sending a request

July 28

This is the first stage when I act as the initiator of the application. Of course, in order to submit a claim, there must be some proof that the device is faulty, such as a photo of the damage or a report from the support service with evidence in the form of logs. So I submitted an application with the following text:

Application approval

July 29

The next day, the application was approved without any comments. From the day the application is approved, the user has 30 days to send the device. I understood that my router was unstable, but I decided to continue analyzing the problem for another 10 days, working closely with support.

Sending the router to the Netherlands

August 8

After the application was approved, I was given the following recommendations for shipping and packing the router:

  • Print the packing slip and put it inside the box.
  • Make sure the sticker with the MAC address on the device is readable.
  • There is no need to send the original packaging or accessories.
  • If the device is part of a kit, it must be returned in its entirety (this is the rule for the AmpliFi Kit, but the UXG-Lite is a separate device).

I packed the router as recommended and sent it to the Netherlands. I paid 544 hryvnias for international shipping, which is equivalent to $13. In the Awaiting RMA Item window I confirmed the shipment by clicking on the “Mark as Sent” link. After that, the status was updated to “Product Sent”.

Now it remained to wait for the device to be accepted and checked, and for a replacement to be sent to me.

Receipt of the router by the RMA

September 2

The national post of Ukraine, Ukrposhta, delivered the package to the Netherlands quite quickly, in a week, but it was held at customs in the Netherlands. I decided to notify the RMA manager about this so that the company could resolve the customs issues and speed up the receipt of the router. The router remained at customs for more than two weeks until it was cleared. It turned out that in the Netherlands duty is charged on any product, so Ubiquiti paid an additional €33.63, which caused a delay in logistics.

  • August 15 – Request for payment of shipment costs sent
  • August 27 – Payment for shipment costs received

The total delivery time was 3 weeks.

Testing UXG-Lite

September 2

On the day the router was received, RMA specialists tested it, and I received a message about this by e-mail. This message is usually sent together with the receipt message.

Ubiquiti has received your item. It will be inspected, then either repaired or replaced.

Fulfillment

September 2

Literally half an hour later I received another message about the status changing to “Fulfillment”. Such a quick reaction is most likely due to the fact that the shipment is created electronically through the postal service.

Sending the router to me

September 2

When I had already physically sent the router by mail to the Netherlands, support told me that RMA does not ship devices back to Ukraine, so they asked me for another receiving address in the EU:

“we do not ship to Ukraine. Do you have an alternative EU address where we could ship the replacement?”

Fortunately, I have the option of using a remote warehouse in Poland, so I sent a new address, which was passed on to the RMA service. A shipment to this address was created on the same day. Of course, the route Netherlands -> Poland -> Ukraine is both longer in time and more expensive, because the last leg is at my expense.

  • Shipping Netherlands -> Poland was handled by the logistics company FedEx, paid for by Ubiquiti, and took only 2 days
  • Shipping Poland -> Ukraine was handled by the Ukrainian logistics company Meest at my expense; I paid €7.5 and it took 7 days

Receiving the device

September 9

I received a notification from the postal company Meest that the package was already at the branch and could be picked up. I was surprised by the size of the box, which was twice the size of the original packaging. After opening the shipping box, I saw a new UXG-Lite router, but in the European revision.

An amazing moment with a guarantee

The official warranty for the UXG-Lite router is 1 year. At the time of my request the warranty period had long passed. However, after the diagnosis, technical support still approved the RMA, obviously given the nature of the malfunction and the confirmation that the device was not operating normally. After sending the router, I was not charged any additional money, so I consider it free.

Another nuance – although the purchase was made through a website in the USA, I had to send the device not to America, but to the Netherlands. This is due to the fact that Ubiquiti has a European service center that serves customers from this region.

Conclusions

Even after the warranty expires, Ubiquiti can approve an RMA if there is proof of a manufacturing defect and the device was purchased directly from the Ubiquiti website. The process is clearly structured: from submitting an application to receiving a new device. Logistics can be international, even if the purchase was made in another country. The main thing is to save all evidence of the malfunction (logs, screenshots, description).

Connecting a Dahua IP camera to UniFi Protect
https://ostrich.kyiv.ua/en/2025/08/27/connecting-a-dahua-ip-camera-to-unifi-protect/
Wed, 27 Aug 2025 06:24:43 +0000

Connecting a Dahua IP camera to a Ubiquiti UCG‑Max router with a video recorder function is a great way to integrate an existing video surveillance system into the UniFi Protect ecosystem without spending money on a complete replacement of equipment. And although previously only Ubiquiti cameras were supported, the situation has now changed.

Support for third‑party cameras (ONVIF-compatible cameras) in UniFi Protect appeared relatively recently: it was introduced in Protect version 5.0, the release of which was announced in October 2024. The successful addition of third-party cameras to UniFi Protect was officially confirmed in the Community Release UniFi Protect 5.0.33, where support for adopting ONVIF cameras appeared.

To configure, you must perform the following sequence of actions:

  • Dahua camera settings
  • Activation of UniFi Protect
  • Adding a camera

I will go through them in order, with screenshots.

Dahua camera settings

I have one of the budget cameras, a Dahua DH-IPC-HDW1230T1-S5. I used to use a software video recorder installed on my Raspberry Pi, but after purchasing a new router I decided to migrate to the built-in UniFi Protect solution.

Camera firmware

Select System -> Upgrade -> Manual check. In my case, the firmware had been updated recently, in June 2025, which indicates that the camera is still supported.

ONVIF activation

This option is enabled under Network -> Access Platform -> ONVIF -> Authentication -> ON -> Save.

For authentication, you need to create an ONVIF user under System -> Account -> ONVIF User. Here you can either create a new user or edit an existing one.

Date and time

I thought this setting was not important, but I decided to follow the recommendations. To do this, I selected the System -> General -> Date&Time menu and checked that all my settings correspond to the necessary ones and the time is displayed correctly.

This completes the camera setup for now.

Activation of UniFi Protect

By default, UniFi Protect is not activated. To activate it, go to Settings -> Control Plane and, in the list of additional services next to Protect, click Install and wait for the installation to complete.

Installation took about 5 minutes. The latest version at that time, UniFi Protect 6.0.53, was shown in the list. An additional tab appeared in the upper panel, Protect; let’s go to it. The Dashboard section plays a UniFi Protect feature video and shows a link to the setup guide. It looks touching!

Adding a camera

To enable cameras from other manufacturers, go to Settings -> System -> Advanced and tick Discover 3rd-Party Cameras.

After applying the changes, go to the UniFi Devices menu; my Dahua DH-IPC-HDW1230T1-S5 camera automatically appeared in the list. To add it, just click the Click to Adopt link.

A window will open, where you need to enter the login and password for the camera, and click on the confirmation button – Confirm.

Almost instantly, the camera will connect and you can see its status. After the camera has already been added, you can go to the main Dashboard page and see the general information.

Advantages and disadvantages of UniFi Protect

Here we are talking about cameras with ONVIF support, i.e. from third-party manufacturers, like mine, the Dahua DH-IPC-HDW1230T1-S5. I have a little experience with video surveillance cameras, starting with Dahua and Hikvision systems and with software solutions such as NX Witness. Since I only have one camera, I decided to describe the exact criteria that led me to try Ubiquiti UniFi Protect.

I bought a Ubiquiti UCG-Max router in order to also get a modern, powerful video recorder with 512 GB of storage. That is, I was counting on a 2-in-1 device. In general, my expectations were met, because I like the Ubiquiti ecosystem and I considered the criterion of economy and the rationality of using one device instead of two. Broken down by points, the comparison of the Ubiquiti UCG-Max against the Ubiquiti UXG-Lite + Hikvision DS-E08NL-Q1 looks like this:

  • The price of these sets is almost the same
  • The UCG-Max is smaller than a router + video recorder

Unfortunately, I found out about the disadvantages only today while setting up and writing this article. Within its single ecosystem, Ubiquiti decided to limit not only proprietary functions, such as artificial intelligence for recognizing faces and license plates, but also completely ordinary, unremarkable functions; at the very least, the lack of recording by motion or event is a deal-breaker for me, because no one is going to watch 100 hours of video in one stream; it’s very inconvenient!

Conclusion

Adding third-party IP cameras, including Dahua, to Ubiquiti UCG-Max with UniFi Protect is a real opportunity to build a unified video surveillance system based on existing equipment. However, there are limitations to consider: you only get basic 24/7 or scheduled video recording, without full integration of “smart” camera features. This solution is ideal for those who want to centralize the archive and remote access, but do not count on deep analytics in Protect, but definitely not for me!

I will buy a budget camera for this solution, the Ubiquiti G5 Turret Ultra, which costs $129 and has basic functionality in the form of regular motion or event recording, which suits me perfectly. Otherwise, I will be forced to sell the Ubiquiti UCG-Max and buy a budget router and a standalone video recorder separately.

Using an SSH key to connect to the UniFi Network
https://ostrich.kyiv.ua/en/2025/07/27/using-an-ssh-key-to-connect-to-the-unifi-network/
Sun, 27 Jul 2025 14:16:32 +0000

Ubiquiti’s UniFi Network Controller provides a user-friendly interface for network management, but for deeper diagnostics and configuration, command line access via SSH is sometimes required. For security and convenience, you should use an SSH key instead of a password. This article explains how to create an SSH key, add it to the UniFi Controller, and use it to log in to the device.

Generation of SSH keys

I have an Ubuntu operating system installed, so I’ll be using that for all setups. In the terminal, you need to execute the command to generate private and public SSH keys.

ssh-keygen -t ed25519 -C "unifi-access"

You will be asked where to save the key and what to name it. Specify where it will be stored (usually the user’s home directory) and give it a name such as unifi_key, or press Enter for the default path (~/.ssh/id_ed25519). Note that a bare name like unifi_key is saved relative to the current directory; use the full path ~/.ssh/unifi_key to keep it next to your other keys.

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/UserName/.ssh/id_ed25519): unifi_key

After that, you will be asked to create a passphrase for the private key. This passphrase will be requested every time the key is used; however, I will add the key to the ssh agent so that I do not have to enter it all the time while still keeping the system secure.

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

As a result, two files will be generated:

  • Private key: ~/.ssh/unifi_key
  • Public key: ~/.ssh/unifi_key.pub

Keep your private key in a safe place and do not share it with anyone!

Adding a public key

In the new UniFi Network interface, the remote-control settings section has been moved to the Devices section:

Unifi Devices -> Device Updates and Settings -> Device Settings -> SSH Keys

Here you will need to enter the name of the public key and its content.

To view the contents of the newly created public key, open it:

cat ~/.ssh/unifi_key.pub
ssh-ed25519 AAA.....cpoM unifi-access

Copy this line into the corresponding block and add it to the controller. Click the Apply Changes button; the key is now in place, and it remains to add it to the agent and check the connection.
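Before pasting the line into the controller it is worth checking that it is a well-formed OpenSSH public key: the base64 part is a sequence of length-prefixed SSH strings, the first of which must repeat the type prefix (`ssh-ed25519`), and for ed25519 the second must be exactly 32 bytes. The block below is an added example, not code from the post or from Ubiquiti; `constructed_ed25519_line` builds a line around a constructed 32-byte value that is not a real key and exists only to exercise the parser, and the field names (`type`, `fields`, `comment`) are my own.

```python
"""Validate an OpenSSH public-key line ('<type> <base64> [comment]') before
adding it to the UniFi controller: the base64 blob must decode to SSH
wire-format strings whose first element matches the text prefix, and an
ssh-ed25519 key must carry exactly one 32-byte key field."""
import base64
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def _split_ssh_strings(blob):
    """Split a blob into its sequence of SSH wire-format strings."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        start, end = offset + 4, offset + 4 + length
        if end > len(blob):
            raise ValueError("truncated SSH string")
        fields.append(blob[start:end])
        offset = end
    return fields


def parse_public_key_line(line):
    """Parse the line and verify the blob is consistent with its type prefix.
    Raises ValueError on anything suspicious (bad base64, prefix mismatch,
    wrong key length, truncation)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)   # binascii.Error is a ValueError
    fields = _split_ssh_strings(blob)
    if not fields or fields[0] != key_type.encode("ascii"):
        raise ValueError(f"text prefix {key_type!r} does not match the embedded key type")
    if key_type == "ssh-ed25519" and (len(fields) != 2 or len(fields[1]) != 32):
        raise ValueError("ssh-ed25519 blob must be exactly the type plus a 32-byte key")
    return {"type": key_type, "fields": fields[1:], "comment": comment}


def is_valid_public_key_line(line):
    try:
        parse_public_key_line(line)
        return True
    except ValueError:
        return False


def constructed_ed25519_line(comment="unifi-access"):
    """Build a syntactically valid line around a CONSTRUCTED 32-byte value.
    This is not a real key; it only exercises the parser."""
    fake_key = bytes(range(32))
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(fake_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"


if __name__ == "__main__":
    print(parse_public_key_line(constructed_ed25519_line()))
```

To check your own key, call `parse_public_key_line(open("~/.ssh/unifi_key.pub").read())` (expand the path first); a mismatched prefix, a truncated paste, or a private-key file pasted by mistake all raise `ValueError` instead of silently producing a key the controller will reject.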

How to add a key to the SSH agent

To avoid specifying the path to the key each time, you can add the key to the SSH agent. If a passphrase was set for the private key, it must be entered.

ssh-add ~/.ssh/unifi_key
Enter passphrase for /home/home/.ssh/unifi_key: 
Identity added: /home/home/.ssh/unifi_key (unifi-access)

Checking the connection

Now, from this PC, you can connect to any device that is adopted by the UniFi controller without entering a password; the login must be root.

ssh root@<device-ip>
Linux UXGLite 5.4.213-ui-qcom #5.4.213 SMP PREEMPT Wed Apr 30 13:12:54 CST 2025 aarch64

Firmware version: v4.1.13

Conclusions

Using SSH keys to access UniFi devices is a more secure and convenient approach compared to passwords. Keys are harder to intercept and, if used correctly, can be easily updated and revoked. UniFi Controller allows you to centrally distribute keys to all devices, which simplifies the administration of a large network.

How to Create an IP Blacklist on a Ubiquiti UniFi Gateway Using Zone-Based Firewall
https://ostrich.kyiv.ua/en/2025/04/02/how-to-create-an-ip-blacklist-on-a-ubiquiti-unifi-gateway-using-zone-based-firewall/
Wed, 02 Apr 2025 09:41:17 +0000

Introduction

After analyzing my Postfix server’s activity graph in Zabbix, I discovered that every 5 minutes an attacker makes brute-force login attempts. To prevent this, I decided to configure firewall rules manually and demonstrate how to create an IP blacklist rule.

On my Ubiquiti UniFi UXG-Lite router, it is possible to block specific IP addresses or subnets by creating Network Objects and using Firewall Policy.

Creating a Blacklist Group

A blacklist is a list of IP addresses and/or subnets, organized as a network object group. To create such a group, follow these steps:

  1. Click the Settings (gear icon) menu.
  2. Select Profiles.
  3. Navigate to Network Objects.
  4. Click Create New.

In the Network Objects screen, fill in the following fields:

  • Object Name – e.g., Postfix Black List.
  • Type – Select “IPv4 Address/Subnet” from the dropdown list.
  • Address – Enter the first IP address or subnet.

Click Add to create the list and apply the changes.

Creating a Blocking Rule for Ubiquiti UniFi Zone-Based Firewall

Since my router has been updated, a new feature has been activated: the Zone-Based Firewall. It visually divides rules into groups according to their type. Therefore, I will configure it in the new interface, where rules are now called policies.

According to the zone table, the policy must be added to the cell at the intersection of Source External and Destination Internal. To do this, click on the cell and at the very bottom of the policy list, click on the Create Policy button.

The principle of the policy is simple:

  • Inspect external traffic for IP addresses and/or subnets that are blacklisted
  • Block traffic from the corresponding IP addresses and/or subnets, provided that the traffic is directed to the local network.

This setting appeared only with the Zone-Based Firewall; before this innovation it was possible only to block all traffic. Now the settings are more flexible, so such a policy can be created for each zone separately.

A sidebar will open on the right, where you need to fill in the appropriate fields. The fields are grouped by blocks to make it easier to navigate the settings:

Name: Postfix Black List.

Source Zone block

  • The External value will be the default if the required cell in the Zone-Based Firewall table was previously specified, otherwise you must select the External value
  • Select the IP value
  • Select the Object value
  • From the drop-down list, select the previously created Postfix Black List group
  • Select the value Port: Any

Action block

  • Select the Block value

Destination Zone block

  • The Internal value will be the default if the required cell in the Zone-Based Firewall table was previously specified, otherwise you must select the Internal value
  • Select the Any value
  • Select the value Port: Any

Additional settings block

  • IP Version: IPv4
  • Protocol: All
  • Connection State: All
  • Syslog Logging: checkbox enabled
  • Schedule: Always
  • Description: Block all IP’s from the Postfix blacklist

Click Add Policy. The new rule will appear in the list and be applied immediately.

Verifying Policy Functionality

Blocked traffic logs can be found in the System Log under the Triggers tab. You can review individual entries to confirm that the policy is working as expected.
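Two steps of the procedure above lend themselves to scripting: building the list of addresses for the Network Objects group from the Postfix log that revealed the brute-force attempts, and checking which source addresses the resulting policy would match before you trust the Triggers log. The block below is an added example, not code from the post or from Ubiquiti. The log lines are constructed in Postfix’s `smtpd` format and use RFC 5737 documentation addresses rather than real attackers; `is_blocked` mimics the policy’s source match in plain `ipaddress` logic, not the gateway’s own implementation.

```python
"""Derive IPv4 blacklist entries from Postfix SASL authentication failures,
merge them into an existing Network Objects list without ever blocking your
own networks, and check which source addresses the policy would match."""
import ipaddress
import re
from collections import Counter

# Constructed sample log lines in Postfix smtpd format; addresses are RFC 5737
# documentation ranges, not real attackers.
SAMPLE_LOG = """\
Apr  2 09:00:03 mail postfix/smtpd[4123]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr  2 09:05:04 mail postfix/smtpd[4130]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr  2 09:10:02 mail postfix/smtpd[4141]: warning: unknown[203.0.113.45]: SASL PLAIN authentication failed: authentication failure
Apr  2 09:11:17 mail postfix/smtpd[4150]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr  2 09:12:40 mail postfix/smtpd[4152]: connect from mail.example.net[192.0.2.10]
Apr  2 09:15:01 mail postfix/smtpd[4160]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

# Matches the client address in "warning: <host>[<ip>]: SASL <mech> authentication failed"
FAILED_AUTH = re.compile(
    r"warning: \S+\[(\d{1,3}(?:\.\d{1,3}){3})\]: SASL \w+ authentication failed")


def count_failed_auth(log_text):
    """Number of failed SASL logins per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def blacklist_candidates(log_text, threshold=3):
    """Addresses with at least `threshold` failures, sorted numerically,
    ready to paste into the Address field of the Network Objects group."""
    hits = [ip for ip, n in count_failed_auth(log_text).items() if n >= threshold]
    return sorted(hits, key=ipaddress.ip_address)


def merge_blacklist(existing, candidates,
                    never_block=("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")):
    """Append new candidates to the current list, skipping duplicates and any
    address inside your own networks (RFC 1918 by default) so a misparsed
    log line can never lock you out of the LAN."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    merged = list(existing)
    for ip in candidates:
        if ip in merged or any(ipaddress.ip_address(ip) in n for n in protected):
            continue
        merged.append(ip)
    return merged


def is_blocked(source_ip, blacklist):
    """Mimic the policy's Source match: True if source_ip falls inside any
    blacklisted address or subnet (hosts and CIDR entries both allowed)."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(entry, strict=False) for entry in blacklist)


if __name__ == "__main__":
    cands = blacklist_candidates(SAMPLE_LOG)
    current = merge_blacklist(["198.51.100.0/24"], cands)
    print("blacklist:", current)
    for src in ("203.0.113.45", "198.51.100.7", "192.0.2.10"):
        print(src, "blocked" if is_blocked(src, current) else "allowed")
```

The threshold keeps a single mistyped password from landing a legitimate user on the list; with the constructed log only 203.0.113.45 (four failures) qualifies, while 198.51.100.7 (one failure) does not. Keep the policy’s Syslog Logging enabled as the post recommends, and compare what `is_blocked` predicts with what actually shows up under Triggers.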

Conclusion

The Zone-Based Firewall feature in Ubiquiti UniFi allows effective blocking of unwanted traffic using IP blacklists. Utilizing Network Objects and flexible policies in the new interface simplifies network security management.

First impression of Cloud Gateway Ultra (UCG Ultra)
https://ostrich.kyiv.ua/en/2024/03/17/first-impression-of-cloud-gateway-ultra-ucg-ultra/
Sun, 17 Mar 2024 20:00:50 +0000

On February 21, the new Cloud Gateway Ultra security gateway was announced for sale in the US. After getting acquainted with its advantages, I realized that it is a powerful and modern device. Since I live in Ukraine, I was able to order it only through a middleman’s warehouse in the USA, Meest US. After receiving it, I decided to unpack it and describe the connection process in this post.

  • February 21, 2024 – Announce: Ubiquiti announced the Cloud Gateway Ultra for ordering on the official website
  • February 21, 2024 – Order: After receiving a letter from Ubiquiti with an offer, I immediately ordered the UCG Ultra
  • February 27, 2024 – Delivery: There is no direct delivery to Ukraine, so I ordered the security gateway to a warehouse in the USA through the Meest service
  • March 13, 2024 – Shipment: The Meest company received the parcel and forwarded it to my address
  • March 17, 2024 – Receiving: When the package arrived in Ukraine, I received it successfully!

Foreword

My first impressions are incredibly bright, because it really is a powerful device with a modern interface, controls, and an intuitive configuration tool!

Unboxing

The box has a minimalist design in beige cardboard. The size of the box has increased significantly, to 175 x 160 x 80 mm. On the back of the box, on the lower left, there is a pasted label with information about the country of manufacture, the address, and a hologram confirming that the product is certified and authentic. As in the previous version, the box is opened by pulling on a special opening tab. After opening the box, as in the previous version, there is a bright blue QR code in the center, which leads to the instructions for the first connection. That is, at the first stage

After turning over this side of the box, the router itself sits in the center in a matte factory film. Under the router, after removing the white tab, the plastic section holds a 5V 3A charger, a short 15 cm patch cord and stick-on feet, and a very small paper instruction is inserted into the side pocket. I took a photo of each element separately and larger. Everything was placed compactly and competently; I liked it.

In order to understand the difference in size, number of ports and layout of the elements, I decided to physically compare the two models, UXG-Lite and UCG Ultra; see how incredible the difference is.

Settings and Speed test

After waiting for the router to fully boot, which takes about 2-3 minutes, I saw an animated recommendation on the display to continue the setup. The display shows information clearly and interactively; it's just great!

For Internet access, the setup takes place through the UniFi application via Bluetooth. I made the settings through a Samsung Android smartphone. After opening the application, within literally a few seconds a message appears that a new Cloud Gateway Ultra device has been found, with an offer to continue the configuration. The first setup can take from 4 to 20 minutes, so it is better to have the smartphone charged.

The speed is also shown on the display of the router itself.

Since this security gateway already has a built-in UniFi controller, there is no need for separate local services or a hardware Cloud Key device.

If you have any questions, ask in the comments, I will be happy to share my experience in using this router!

UXG Lite vs. UCG-Ultra
https://ostrich.kyiv.ua/en/2024/02/25/uxg-lite-vs-ucg-ultra-2/ (Sun, 25 Feb 2024 16:48:05 +0000)

In this post, I will try to provide a table comparing two modern security gateways, Gateway Lite and Cloud Gateway Ultra. I'll start with the image and graphic specs: UXG Lite on the left and UCG-Ultra on the right.

Each device has both its advantages and disadvantages:

  • If you have one ISP, there is limited space to install the gateway, and the gateway will always be behind the closed door of the distribution box, then Gateway Lite is the choice.
  • If you need uninterrupted Internet, namely the ability to control two WAN ports, and the device will be in an open place, then Cloud Gateway can be the choice.

Let's now look at the basic comparison table of the main characteristics of these two UniFi security gateways.

Feature | UXG Lite | UCG-Ultra
Processor | Dual-core ARM® Cortex®-A53 at 1 GHz | Quad-core ARM® Cortex®-A53 at 1.5 GHz
Memory | 1 GB DDR3L | 3 GB DDR4
On-board storage | 16 GB eMMC | 16 GB eMMC
Management | Ethernet; Bluetooth 5.1 | Ethernet; Bluetooth
Networking | LAN: (1) GbE RJ45 port; WAN: (1) GbE RJ45 port | LAN: (4) GbE RJ45 ports; WAN: (1) 1/2.5 GbE RJ45 port
IDS/IPS throughput | 1 Gbps | 1 Gbps
Power consumption | 3.83 W | 6.2 W
Display | LED | LCM 0.96″ status display
Dimensions | 98 x 98 x 30 mm (3.9 x 3.9 x 1.2″) | 141.8 x 127.6 x 30 mm (5.6 x 5 x 1.2″)
Weight | 320 g (11.3 oz) | 520 g (1.1 lb)
Enclosure material | Polycarbonate | Polycarbonate
Power | USB type C (5V/3A) | USB type C (5V DC/3A)
Performance | WiFi QoS with UniFi APs; Application, domain, and country-based QoS; Application and device type identification; Additional internet failover with LTE Backup; Internet quality and outage reporting | WiFi QoS with UniFi APs; Application, domain, and country-based QoS; Application and device type identification; Additional internet failover with LTE Backup; Internet quality and outage reporting; Redundant WAN with failover and load balancing
Next-generation security | Application-aware firewall rules; Signature-based IPS/IDS threat detection; Content, country, domain, and ad filtering; VLAN/subnet-based traffic segmentation; Full stateful firewall | Application-aware firewall rules; Signature-based IPS/IDS threat detection; Content, country, domain, and ad filtering; VLAN/subnet-based traffic segmentation; Full stateful firewall
Advanced networking | License-free SD-WAN*; WireGuard, L2TP and OpenVPN server; OpenVPN client; OpenVPN and IPsec site-to-site VPN; One-click Teleport* and Identity Enterprise VPN**; Policy-based WAN and VPN routing; DHCP relay; Customizable DHCP server; IPv6 ISP support | License-free SD-WAN; WireGuard, L2TP and OpenVPN server; OpenVPN client; OpenVPN and IPsec site-to-site VPN; One-click Teleport and Identity VPN; Policy-based WAN and VPN routing; DHCP relay; Customizable DHCP server; IGMP proxy; IPv6 ISP support
Application requirements | UniFi Network version 8.0.7 and later; mobile app: UniFi iOS™ version 10.12.0 and later, UniFi Android™ version 10.11.2 and later | UniFi Network version 8.0.7 and later; mobile app: UniFi iOS™ version 10.12.0 and later, UniFi Android™ version 10.11.2 and later

In this case, the main advantage of the UCG-Ultra over the UXG Lite is the larger number of ports, namely the possibility of configuring one LAN port as a WAN port, which allows you to connect a second provider. This is very useful in a small office. The second advantage is the built-in management controller, which makes it possible to forget about an external server or CloudKey.

If you find additional differences, then join the discussion in the comments.

Overview of UniFi Gateway Lite (UXG-Lite)
https://ostrich.kyiv.ua/en/2024/02/24/overview-of-unifi-gateway-lite-uxg-lite/ (Sat, 24 Feb 2024 16:50:22 +0000)

Introduction

On November 20, 2023, a compact and powerful UniFi gateway with a full set of advanced routing and security features was announced. Thanks to its small size and modern features, this UXG-Lite router immediately became desirable. Since I already use other Ubiquiti networking products such as the U6 Lite access point and the USW Lite 8 PoE 8-port switch, it would be logical to add another security gateway to the existing Ubiquiti ecosystem.

I managed to order the UXG-Lite only on December 18, 2023, through the official online store store.ui.com. After 10 days, I received it in Ukraine.

Features

Since this router is modern, it naturally has quite powerful characteristics:

  • Processor: Dual-core ARM® Cortex®-A53 at 1 GHz
  • Memory: 1 GB DDR3L
  • Control interface: Ethernet and Bluetooth 5.1
  • LAN network interface: (1) RJ45 GbE port
  • WAN network interface: (1) RJ45 GbE port
  • Power supply: USB type C (5 V/3 A)
  • Power consumption: 3.83 W
  • Dimensions: 98 x 98 x 30 mm (3.9 x 3.9 x 1.2 inches)
  • Weight: 320 g (11.3 oz)

Of course, these are the main characteristics that matter when choosing a device; this router also supports the following functions:

Performance

  • WiFi QoS with UniFi APs
  • Application, domain, and country-based QoS
  • Application and device type identification
  • Additional internet failover with LTE Backup
  • Internet quality and outage reporting

Next-generation security

  • Application-aware firewall rules
  • Signature-based IPS/IDS threat detection
  • Content, country, domain, and ad filtering
  • VLAN/subnet-based traffic segmentation
  • Full stateful firewall

Advanced networking

  • License-free SD-WAN*
  • WireGuard, L2TP and OpenVPN server
  • OpenVPN client
  • OpenVPN and IPsec site-to-site VPN
  • One-click Teleport* and Identity Enterprise VPN**
  • Policy-based WAN and VPN routing
  • DHCP relay
  • Customizable DHCP server
  • IPv6 ISP support

One thing to note: this router can be managed ONLY through a self-hosted UniFi controller or through a CloudKey device. If you decide to use a UniFi controller, its version must not be lower than 8.0.7!

Read how to install a self-hosted UniFi controller on a Raspberry Pi in my blog: 🔗 https://ostrich.kyiv.ua/en/2024/02/16/how-to-install-unifi-controller-on-raspberry-pi-4/

Unboxing

Since it was an international shipment, the parcel was tightly packed in a soft transport bag. The box looks pretty sturdy. The router is shown schematically in white on the front. On the reverse side, the router connection diagram is shown at the top, and information about the device itself, with a hologram confirming the originality of the product, is shown at the bottom. In my case, the UXG-Lite was produced in Vietnam and tested on November 29, 2023, which indicates that the model is fresh.

The box opens by pulling the cardboard element. On the inner lid of the box is a bright blue QR code with a link to the electronic manual, with instructions for the first connection.

In the box, the router is placed in the center and protected by a plastic form. The UXG-Lite is white with a matte surface, so it is wrapped in a protective film to keep dirt off it.

Under the plastic form is the power supply unit. The power supply itself meets the requirements of Quick Charge 3.0, namely 5V 3A or 9V 1.6A. The power supply cable is not removable. Since I ordered this security gateway in the USA, the connector is also adapted to US sockets.

At the bottom of the box, the manual is firmly glued in, hinting that you should use the electronic manual. It is also still in an additional film, which creates another obstacle to reading it. In addition to the instructions, there are warranty and safety conditions.

Connection

The UXG-Lite has a very compact size, which makes it possible to place it in the installation box of the house. The case is minimalist, with only four elements:

  • Reset button
  • Type-C power connector
  • RJ-45 for local network
  • RJ-45 for Internet access

After physically connecting all the connectors, I tried to add the UXG-Lite to the existing UniFi controller, but the phone could not establish a connection via Bluetooth.

I decided to set it up via a wired connection to a computer running Windows 10. To begin with, I needed to determine the IP address that the router gave me via DHCP. The connection properties showed:

192.168.1.1 - gateway
192.168.1.28 - IP address of the PC

After going to the specified address in the browser, I got to the page of the router setup wizard. The wizard immediately proceeded to diagnosing Internet connectivity and informed me that there was no access to the Internet. This is because my ISP uses device MAC address provisioning. After changing the MAC address and re-running the diagnosis, the router gained access and I went to the main settings:

  1. Choosing a security gateway name (I left UXG-Lite unchanged)
  2. Login to the UI account by entering a login, password and two-factor authentication code
  3. Selecting an existing UniFi controller

And then at the third stage there was a conflict again, because the UniFi controller was installed on a device that had an address in a different local subnet, so I had to go back a step and change the subnet to the one I used before:

192.168.99.1

After rebooting the router, all devices in the local network received new IP addresses in the new range, and of course the Raspberry Pi, on which the UniFi controller is installed, also received a new address! Using Ubiquiti's WiFiman Android app, I determined that the Raspberry Pi had received a different address:

192.168.99.218

At the stage of selecting the UniFi controller, I selected the “connect manually” option, where I changed the IP address to a new one. After a few minutes, the UXG-Lite registered with the UniFi controller for further settings.

Thus, the first initialization and basic setup can be considered a success!

Features Overview

When you log in, the main screen of the UniFi controller displays general information about traffic, clients, Wi-Fi and other activity. In this article, I will not describe the UniFi controller interface, but I will note which new sections or functions have become active with the appearance of the new gateway.

On the main page, in the right column, information about the IP address, provider, device uptime and Internet access is now displayed. A service feedback value has also appeared to determine the quality of Internet services.

Gateway – This section became active with the UXG-Lite. The gateway has three tabs:

  • traffic
  • filtering
  • geo-blocking

In these sections, you can very flexibly block or allow traffic for certain devices and services, and even for IP addresses belonging to a certain country.

Settings – In the Settings section, many subsections have also become active, namely:

  • Internet
  • VPN
  • Security
  • Routing

All sections are organized into logical blocks, which allows you to intuitively understand which settings need to be made to achieve a certain result.

If you have any questions, I invite you to discuss them in the comments!

I recommend that you watch the video version of the UXG-Lite security gateway review, which is available with a Ukrainian voice-over. If you prefer to read, I have prepared a text description for you as well.

Ubiquiti UniFi Cloud Gateway Ultra (UCG-Ultra)
https://ostrich.kyiv.ua/en/2024/02/22/cloud-gateway-ultra-ucg-ultra-2/ (Thu, 22 Feb 2024 10:09:11 +0000)

On February 21, 2024, I received a newsletter from Ubiquiti. The topic was IT innovation to accelerate world development. This letter announced the release of the new UniFi Cloud Gateway Ultra and the new USW Ultra switch.

Introducing UniFi Cloud Gateway Ultra

I was interested in the UCG Ultra router because of its advantages over the UXG Lite, namely:

  • Ability to use 2 WAN ports with balancing
  • Management with UniFi Site Manager, eliminating the need to purchase a CloudKey
  • Additional LAN ports
  • Compact size

I managed to order it on the first day of release!

Ordering Cloud Gateway Ultra (UCG-Ultra)

I hope to receive it in two weeks and will be happy to review it and compare it to the UXG Lite!
