Welcome to UniFi Enterprise

Phase 1: Enterprise Fortress Gateway

Designed for Massive Scale

Effortlessly manage 500+ UniFi devices and 5,000+ clients.

VRRP High Availability

Link a second system in Shadow Mode to minimize network downtime.

25 Gbps Performance

Seamlessly balance WANs and support high-capacity switching.

Built for Secure Routing

Deliver over 12 Gbps of routing throughput with full IPS security.

0
9
9
9

Seamless Connectivity for 18,000 Fans

UniFi and the Enterprise Fortress Gateway power scalable, enterprise‑grade networking at FedExForum - a premier multi-purpose indoor arena and home to the NBA's Memphis Grizzlies.

FedEx&Memphis Grizzlies

Cybersecurity

Intrusion Detection & Prevention

Cybersecurity

Intrusion Detection & Prevention

UniFi's intrusion detection and prevention system (IDS/IPS) guards against potential threats that originate both within and outside of the network.

This dynamic system swiftly detects and blocks suspicious activity that could signal a security compromise based on a real-time database of known cyber threats.

Cybersecurity

SSL Inspection

Cybersecurity

SSL Inspection

Available completely license-free on EFG, NeXT AI Inspection analyzes encrypted packets in real time to enhance IDS/IPS and content filtering precision and improve traffic identification.

Additionally, access to internal payload details enables powerful cybersecurity use cases, such as monitoring search engine and LLM queries for safety and security concerns.

Cybersecurity

Application-Aware Firewall

Cybersecurity

Application-Aware Firewall

UniFi's application-aware firewall accurately detects and blocks traffic directed at specific applications, websites, and IP addresses.

Easily block specific targets that might pose security threats at the network, VLAN, and client device level.

Cybersecurity

Content & Domain Filtering

Cybersecurity

Content & Domain Filtering

Preset content filters can be applied to a specific VLAN with just a click, restricting access to explicit and malicious domains.

UniFi's application-aware firewall enhances flexibility with advanced filtering options, including application, domain, and IP-based filtering.

Routing & VPN

SD-WAN & Automatic Site-to-Site VPN

Routing & VPN

SD-WAN & Automatic Site-to-Site VPN

UniFi's license-free Site Magic makes Site-to-Site VPN and SD-WAN setup easier than ever.

Instead of configuring complicated, manual Site-to-Site VPNs between multiple gateways, simply select the sites and subnets to connect through the UniFi Site Manager at unifi.ui.com.

Routing & VPN

One-Click WiFi & VPN Client

Routing & VPN

One-Click WiFi & VPN Client

UniFi Identity is the ultimate solution for seamless network and physical access. Grant permissions to users and let them access IT services - all with a simple click.

With One-Click VPN, users can remotely access your organization's network without entering credentials. Say goodbye to VPN client configuration nightmares.

Routing & VPN

Comprehensive VPN Server & Client Support

Routing & VPN

Comprehensive VPN Server & Client Support

UniFi supports a wide range of VPN protocols, including WireGuard and OpenVPN, for both VPN server and client services.

With UniFi, VPN services are exceptionally intuitive to deploy, making it easy to eliminate port forwarding requirements to enhance your network's security posture.

Routing & VPN

Policy-Based Routing

Routing & VPN

Policy-Based Routing

With Policy-Based Routes (PBR), UniFi can send traffic destined for specific domain names, IP addresses, and regions through a specific WAN or VPN interface.

PBR works seamlessly with multi-WAN load balancing and VPN client services, making it easy to segment application traffic based on priority or performance requirements.

Routing & VPN

IPv6 Enabled Networking

Routing & VPN

IPv6 Enabled Networking

IPv6 adoption is increasing as a result of IPv4 addresses being exhausted and more client devices coming online.

UniFi is ready for IPv6 networking, with broad support for IPv6 traffic across WAN and LAN interfaces, through its application-aware firewall, and more.

Routing & VPN

Full NAT Control

Routing & VPN

Full NAT Control

UniFi offers granular control over network address translation (NAT), with support for NAT Pooling, Source NAT (SNAT), Destination NAT (DNAT), and Masquerade NAT.

NAT can also be disabled entirely on all or specific VLANs.

High Availability

Shadow Mode (VRRP)

High Availability

Shadow Mode (VRRP)

For enterprise-grade High Availability with Virtual Router Redundancy Protocol (VRRP), link a second EFG in Shadow Mode.

If the primary EFG goes offline, its Shadow will automatically take over so your network continues running with minimal downtime.

High Availability

Multi-WAN Load Balancing

High Availability

Multi-WAN Load Balancing

UniFi can leverage multiple internet connections at a single site for highly-resilient service.

Choose between Failover Only mode, which uses an alternative internet source only as a backup, and Distributed mode, which splits internet traffic between your internet sources based on a customizable weighting.

High Availability

Power Redundancy

High Availability

Power Redundancy

EFG is thoughtfully designed with dual hot-swappable PSUs for complete protection against unexpected internal and external power disruptions.

Provide power to the Enterprise Fortress Gateway from redundant sources, and replace a PSU without network downtime.

High Availability

ISP Health Monitoring

High Availability

ISP Health Monitoring

The UniFi Site Manager dashboard at unifi.ui.com features ISP health metrics for quick, insightful monitoring across sites.

Real-time email and mobile app alerts for site-level ISP health events are also available with push notifications settings customizable for each site.

Site Management

Global Admin Management

Site Management

Global Admin Management

The UniFi Site Manager at unifi.ui.com enables easy management of all admins across UniFi sites from a single interface.

Effortlessly onboard and offboard admins with granular control over site access and application permissions.

Site Management

Global Update Management

Site Management

Global Update Management

Get a centralized view of all deployed UniFi devices across sites from the UniFi Site Manager at unifi.ui.com.

Search for specific devices, navigate to sites for full management, and coordinate bulk device updates with ease.

UniFi Enterprise Partner Program

A dedicated channel for MSPs and System Integrators to purchase the Enterprise Fortress Gateway and future UniFi Enterprise products with exclusive benefits.

Increased
Profitability

Project
Security

Dedicated
Pre-Sales Support

Exclusive Events
& Training

Benefits apply to the Enterprise Fortress Gateway and future UniFi Enterprise products.

Enterprise Fortress Gateway

Enterprise Fortress Gateway

Overview
Performance

25G Cloud Gateway with 500+ UniFi device / 5,000+ client support, 12.5 Gbps IPS routing, and complete high availability.

Runs UniFi Network for full-stack network management
Shadow Mode High Availability with automatic failover provides uninterrupted connectivity (VRRP)
12.5 Gbps routing with IDS/IPS
License-free, real-time inspection of encrypted packets with NeXT AI Inspection (SSL/TLS decryption)
(2) 25G SFP28, (2) 10G SFP+, and (2) 2.5 GbE RJ45 ports (two interfaces remappable to WAN)
(2) included hot-swap PSUs for power redundancy

Enterprise Fortress Gateway

25G Cloud Gateway with 500+ UniFi device / 5,000+ client support, 12.5 Gbps IPS routing, and complete high availability.

Enterprise Fortress Gateway

Overview

Runs UniFi Network for full-stack network management
Shadow Mode High Availability with automatic failover provides uninterrupted connectivity (VRRP)
12.5 Gbps routing with IDS/IPS
License-free, real-time inspection of encrypted packets with NeXT AI Inspection (SSL/TLS decryption)
(2) 25G SFP28, (2) 10G SFP+, and (2) 2.5 GbE RJ45 ports (two interfaces remappable to WAN)
(2) included hot-swap PSUs for power redundancy

Performance

Capacity

UniFi Devices

500+

Client Devices

5,000+

Concurrent Sessions

1 million

New Sessions / Sec

71,000

SSL/TLS Inspection Concurrent Sessions

10,000*

IDS/IPS Signatures

80,000**

*Limiting to 5,000 concurrent sessions is recommended if the gateway is passing significant traffic. This can be achieved by restricting which VLANs and domains pass through NeXT AI Inspection, such as only including search engine and LLM queries on employee devices. Learn More.

**With Enhanced Threat Updates. Learn More.

Routing Throughput*

Firewall

23.5 Gbps

IDS/IPS

12.5 Gbps

*Measured with iPerf3 on DHCP WAN. Performance may be reduced with PPPoE depending on ISP implementation.

VPN Server Single User Throughput*

UniFi Identity

1.2 Gbps

Teleport

1.2 Gbps

WireGuard

1.2 Gbps

OpenVPN

210 Mbps

L2TP

280 Mbps

*Measured with iPerf3.

Site-to-Site VPN Single Tunnel Throughput*

Site Magic

1.1 Gbps

OpenVPN

120 Mbps

IPsec

580 Mbps

*Measured with iPerf3.

VPN Client Single Tunnel Throughput*

WireGuard

980 Mbps

OpenVPN

180 Mbps

*Measured with iPerf3.

Deployment

Deployment