Welcome to UniFi Enterprise
Phase 1: Enterprise Fortress Gateway

Designed for Massive Scale
Effortlessly manage 500+ UniFi devices and 5,000+ clients.
VRRP High Availability
Link a second system in Shadow Mode to minimize network downtime.
25 Gbps Performance
Seamlessly balance WANs and support high-capacity switching.
Built for Secure Routing
Deliver over 12 Gbps of routing throughput with full IPS security.
Seamless Connectivity for 18,000 Fans
UniFi and the Enterprise Fortress Gateway power scalable, enterprise‑grade networking at FedExForum - a premier multi-purpose indoor arena and home to the NBA's Memphis Grizzlies.
Cybersecurity
Intrusion Detection & Prevention
Cybersecurity
Intrusion Detection & Prevention
UniFi's intrusion detection and prevention system (IDS/IPS) guards against potential threats that originate both within and outside of the network.
This dynamic system swiftly detects and blocks suspicious activity that could signal a security compromise based on a real-time database of known cyber threats.

Cybersecurity
SSL Inspection
Cybersecurity
SSL Inspection
Available completely license-free on EFG, NeXT AI Inspection analyzes encrypted packets in real time to enhance IDS/IPS and content filtering precision and improve traffic identification.
Additionally, access to internal payload details enables powerful cybersecurity use cases, such as monitoring search engine and LLM queries for safety and security concerns.

Cybersecurity
Application-Aware Firewall
Cybersecurity
Application-Aware Firewall
UniFi's application-aware firewall accurately detects and blocks traffic directed at specific applications, websites, and IP addresses.
Easily block specific targets that might pose security threats at the network, VLAN, and client device level.

Cybersecurity
Content & Domain Filtering
Cybersecurity
Content & Domain Filtering
Preset content filters can be applied to a specific VLAN with just a click, restricting access to explicit and malicious domains.
UniFi's application-aware firewall enhances flexibility with advanced filtering options, including application, domain, and IP-based filtering.

Routing & VPN
SD-WAN & Automatic Site-to-Site VPN
Routing & VPN
SD-WAN & Automatic Site-to-Site VPN
UniFi's license-free Site Magic makes Site-to-Site VPN and SD-WAN setup easier than ever.
Instead of configuring complicated, manual Site-to-Site VPNs between multiple gateways, simply select the sites and subnets to connect through the UniFi Site Manager at unifi.ui.com.

Routing & VPN
One-Click WiFi & VPN Client
Routing & VPN
One-Click WiFi & VPN Client
UniFi Identity is the ultimate solution for seamless network and physical access. Grant permissions to users and let them access IT services - all with a simple click.
With One-Click VPN, users can remotely access your organization's network without entering credentials. Say goodbye to VPN client configuration nightmares.

Routing & VPN
Comprehensive VPN Server & Client Support
Routing & VPN
Comprehensive VPN Server & Client Support
UniFi supports a wide range of VPN protocols, including WireGuard and OpenVPN, for both VPN server and client services.
With UniFi, VPN services are exceptionally intuitive to deploy, making it easy to eliminate port forwarding requirements to enhance your network's security posture.

Routing & VPN
Policy-Based Routing
Routing & VPN
Policy-Based Routing
With Policy-Based Routes (PBR), UniFi can send traffic destined for specific domain names, IP addresses, and regions through a specific WAN or VPN interface.
PBR works seamlessly with multi-WAN load balancing and VPN client services, making it easy to segment application traffic based on priority or performance requirements.

Routing & VPN
IPv6 Enabled Networking
Routing & VPN
IPv6 Enabled Networking
IPv6 adoption is increasing as a result of IPv4 addresses being exhausted and more client devices coming online.
UniFi is ready for IPv6 networking, with broad support for IPv6 traffic across WAN and LAN interfaces, through its application-aware firewall, and more.

Routing & VPN
Full NAT Control
Routing & VPN
Full NAT Control
UniFi offers granular control over network address translation (NAT), with support for NAT Pooling, Source NAT (SNAT), Destination NAT (DNAT), and Masquerade NAT.
NAT can also be disabled entirely on all or specific VLANs.

High Availability
Shadow Mode (VRRP)
High Availability
Shadow Mode (VRRP)
For enterprise-grade High Availability with Virtual Router Redundancy Protocol (VRRP), link a second EFG in Shadow Mode.
If the primary EFG goes offline, its Shadow will automatically take over so your network continues running with minimal downtime.

High Availability
Multi-WAN Load Balancing
High Availability
Multi-WAN Load Balancing
UniFi can leverage multiple internet connections at a single site for highly-resilient service.
Choose between Failover Only mode, which uses an alternative internet source only as a backup, and Distributed mode, which splits internet traffic between your internet sources based on a customizable weighting.

High Availability
Power Redundancy
High Availability
Power Redundancy
EFG is thoughtfully designed with dual hot-swappable PSUs for complete protection against unexpected internal and external power disruptions.
Provide power to the Enterprise Fortress Gateway from redundant sources, and replace a PSU without network downtime.

High Availability
ISP Health Monitoring
High Availability
ISP Health Monitoring
The UniFi Site Manager dashboard at unifi.ui.com features ISP health metrics for quick, insightful monitoring across sites.
Real-time email and mobile app alerts for site-level ISP health events are also available with push notifications settings customizable for each site.

Site Management
Global Admin Management
Site Management
Global Admin Management
The UniFi Site Manager at unifi.ui.com enables easy management of all admins across UniFi sites from a single interface.
Effortlessly onboard and offboard admins with granular control over site access and application permissions.

Site Management
Global Update Management
Site Management
Global Update Management
Get a centralized view of all deployed UniFi devices across sites from the UniFi Site Manager at unifi.ui.com.
Search for specific devices, navigate to sites for full management, and coordinate bulk device updates with ease.

UniFi Enterprise Partner Program
A dedicated channel for MSPs and System Integrators to purchase the Enterprise Fortress Gateway and future UniFi Enterprise products with exclusive benefits.
Increased
Profitability
Project
Security
Dedicated
Pre-Sales Support
Exclusive Events
& Training
Benefits apply to the Enterprise Fortress Gateway and future UniFi Enterprise products.

Enterprise Fortress Gateway

Enterprise Fortress Gateway
25G Cloud Gateway with 500+ UniFi device / 5,000+ client support, 12.5 Gbps IPS routing, and complete high availability.
Enterprise Fortress Gateway
25G Cloud Gateway with 500+ UniFi device / 5,000+ client support, 12.5 Gbps IPS routing, and complete high availability.

Overview
Performance
Capacity
UniFi Devices
500+
Client Devices
5,000+
Concurrent Sessions
1 million
New Sessions / Sec
71,000
SSL/TLS Inspection Concurrent Sessions
10,000*
IDS/IPS Signatures
80,000**
*Limiting to 5,000 concurrent sessions is recommended if the gateway is passing significant traffic. This can be achieved by restricting which VLANs and domains pass through NeXT AI Inspection, such as only including search engine and LLM queries on employee devices. Learn More.
**With Enhanced Threat Updates. Learn More.
Routing Throughput*
Firewall
23.5 Gbps
IDS/IPS
12.5 Gbps
*Measured with iPerf3 on DHCP WAN. Performance may be reduced with PPPoE depending on ISP implementation.
VPN Server Single User Throughput*
UniFi Identity
1.2 Gbps
Teleport
1.2 Gbps
WireGuard
1.2 Gbps
OpenVPN
210 Mbps
L2TP
280 Mbps
*Measured with iPerf3.
Site-to-Site VPN Single Tunnel Throughput*
Site Magic
1.1 Gbps
OpenVPN
120 Mbps
IPsec
580 Mbps
*Measured with iPerf3.
VPN Client Single Tunnel Throughput*
WireGuard
980 Mbps
OpenVPN
180 Mbps
*Measured with iPerf3.
Deployment
