UniFi Enterprise Fortress
Gateway (EFG)
25G Cloud Gateway with 500+ UniFi device / 5,000+ client support, 12.5 Gbps IPS routing, and complete high availability.
Runs UniFi Network for full-stack network management
Shadow Mode High Availability with automatic failover provides uninterrupted connectivity (VRRP)*
12.5 Gbps routing with IDS/IPS
License-free, real-time inspection of encrypted packets with NeXT AI Inspection (SSL/TLS decryption)
(2) 25G SFP28**, (2) 10G SFP+**, and (2) 2.5 GbE RJ45 ports (two interfaces remappable to WAN)
(2) included hot-swap PSUs for power redundancy
1.3" touchscreen
Includes 90 days of Professional Phone Support ***
Specifications
Mechanical
Dimensions | 442.4 x 43.7 x 325 mm (17.4 x 1.7 x 12.8") |
Weight | 6.5 kg (14.3 lb) |
Enclosure material | Aluminium CNC, SGCC steel |
Hardware
Processor | 18-core ARM® v8.2 at 2 GHz |
System memory | 16 GB DDR4 DIMM |
Management interface | Ethernet Bluetooth |
Networking interface | (2) 25G SFP28 ports (2) 10G SFP+ ports (2) 2.5 GbE RJ45 ports Map any (2) interfaces to WAN |
Power method | (1) Universal AC input, 100—240V AC, 7A Max., 50/60 Hz |
Power supply | (2) Hot-swappable 150W CRPS |
Supported voltage range | 100–240V AC |
Max. power consumption | 82W |
ESD/EMP protection | Air: ± 8kV, contact: ± 4kV |
LCM display | (1) 1.3" touchscreen |
Button | Factory reset |
Ambient operating temperature | 0 to 40° C (22 to 104° F) |
Ambient operating humidity | 5 to 95% noncondensing |
Certifications | CE, FCC, IC |
Gateway Features
Performance | Redundant WAN with failover and load balancing WiFi QoS with UniFi APs Application, domain, and country-based QoS Application and device type identification Additional internet failover with LTE Backup Internet quality and outage reporting |
Next-generation security | Application-aware firewall rules Signature-based IPS/IDS threat detection Content, country, domain, and ad filtering VLAN/subnet-based traffic segmentation Full stateful firewall |
Advanced networking | License-free SD-WAN WireGuard, L2TP and OpenVPN server OpenVPN client OpenVPN and IPsec site-to-site VPN One-click Teleport and Identity VPN Policy-based WAN and VPN routing DHCP relay Customizable DHCP server IGMP proxy IPv6 ISP support |
Capacity
UniFi devices | 500+ |
Client devices | 5,000+ |
Concurrent sessions | 1 million |
New sessions / sec | 71,000 |
SSL/TLS inspection concurrent sessions | 10,000 Limiting to 5,000 concurrent sessions is recommended if the gateway is passing significant traffic. This can be achieved by restricting which VLANs and domains pass through NeXT AI Inspection, such as only including search engine and LLM queries on employee devices. Learn more. |
IDS/IPS signatures | 80,000+ With Enhanced Threat Updates. Learn more |
Routing Throughput
Firewall | 23.5 Gbps |
IDS/IPS | 12.5 Gbps |
Measured with iPerf3 on DHCP WAN. Performance may be reduced with PPPoE depending on ISP implementation.
VPN Server Single User Throughput
UniFi Identity | 1.2 Gbps |
Teleport | 1.2 Gbps |
WireGuard | 1.2 Gbps |
OpenVPN | 210 Mbps |
L2TP | 280 Mbps |
Measured with iPerf3.
Site-to-Site VPN Single Tunnel Throughput
Site Magic | 1.1 Gbps |
OpenVPN | 120 Mbps |
IPsec | 580 Mbps |
Measured with iPerf3.
VPN Client Single Tunnel Throughput
WireGuard | 980 Mbps |
OpenVPN | 180 Mbps |
Measured with iPerf3.
LEDs
Ethernet | White: Link/activity |
SFP+ | White: Link/activity |
CRPS | Off: No AC power present Steady white: AC power and DC output active Flashing white: AC power present Steady red: AC power lost/failure events Flashing red: Warning events |
Software
Mobile app | UniFi iOS™:Version 10.16.2 and later UniFi Android™: Version 10.17.2 and later |
100G, MC-LAG, and Beyond
High Capacity
Automatic Failover
Layer 3 (VRRP)
PoE Type
Up to PoE+++
PoE Availability
Up to 2,150 W
Performance
Switching Capacity
Up to 3.6 Tbps
RJ45 Ports Speeds
Up to 10 Gbps
SFP Port Speeds
Up to 100 Gbps
High Availability
MC-LAG
Supported
Power Redundancy
Dual power modules
Modular Fans
Hot-swappable
New UniFi Enterprise Campus Switching Family
Exceptional Speeds & CapacityHi-Performance Server ConnectivityMassive ScaleHigh AvailabilityMC-LAG Future Proof