Archive for Ubiquiti

Review: Ubiquiti Unifi Cloud Gateway Max

Posted in Products with tags on June 20, 2025 by itnerd

As frequent readers of this blog will be aware, I recently upgraded my network to fully leverage my fibre connection with Distributel who is my current ISP. By putting in a better performing router, specifically the ASUS RT-BE86U, I was able to get my speeds to 1 Gbps up and down from roughly 1 Gbps down and roughly 600 Mbps up. That was good. But the next step in my mind would be to replace that router with a dedicated wired router as the WiFi 7 functionality in that ASUS router was being wasted as I disabled it due to the fact that I have no WiFi 7 devices. And I was instead using the ASUS ZenWiFi XT8’s that I have had for a while in access point mode to provide WiFi.

That’s where the Ubiquiti Unifi Cloud Gateway Max comes in. This is a very affordably priced “router” that has a lot of headroom regardless of your use case. I use the word “router” in quotes because this does more than route traffic to and from the Internet. But more on that in a second. First let’s look at the device itself:

The front of the Unifi Cloud Gateway Max has a display that is just under 1″ in size. It shows what your speeds are both up and down as well as other information like alerts for example. From the party tricks department comes the fact that you can set it to automatically turn off at night to reduce light pollution which my wife really appreciates. And if you place the Unifi Cloud Gateway Max on its side, it will automatically rotate the screen into that orientation. That’s a thoughtful touch.

The back has a bunch of 2.5 Gbps ports. None of which are PoE ports which given that Ubiquiti has a ton of products that use PoE is odd at first glance. But I am guessing that it helps to keep the price down for those who would never use PoE as you can always buy a PoE switch if you need one. Again from the party trick department comes the fact that you can define any of the four LAN ports as a secondary WAN port for failover or combining two Internet connections together. That’s welcome if you want to give yourself the ability to stay online no matter what. I may leverage that in the future with another Internet connection. The USB-C port on the left is for power. And it only sucks 16 W of power maximum which isn’t a lot of power.

On the side is a slot where you can stick an NVMe hard disk into it. Why would I want built in storage on a router you ask? Well you can use this as storage for Unifi Protect which is their surveillance system which uses this storage for an NVR. Or for Unifi Talk which is their VoIP system which can use this storage for things like voice mail for example. That’s kind of the “secret sauce” of the Unifi Cloud Gateway Max. It is capable of running the whole Unifi Application Suite if you want to dip your toe into the Unifi ecosystem. Now Unifi says that it supports “30+” Unifi devices. That doesn’t sound like a lot. But realistically, for a home or a small business, that’s plenty. For the record the company says that it supports “300+” devices in total.

One other note is that this product is tiny measuring 5.6 x 5 x 1.2″. So it will not take a whole lot of real estate regardless of where you put it.

I should note that the Unifi Cloud Gateway Max also comes with one of those famous Etherlighting cables. Basically, these are really thin Ethernet cables that light up if you plug them into a Ubiquiti switch or router that has the ability to light up the cables. I guess it’s a way to give your network rack some flair. Now the Unifi Cloud Gateway Max doesn’t have this ability. It’s also pretty short which means that you may not use it at all. So the fact that Ubiquiti included it is a curious choice.

Now setting this up should be easy. But depending on your ISP, that may not be true. Let me illustrate by describing what happened to me.

Ubiquiti wants you to power on the Unifi Cloud Gateway Max and download their app to your phone to configure it over Bluetooth as this product has a Bluetooth radio in it. So I started there, but the Unifi Cloud Gateway Max kept saying that I didn’t have the WAN port plugged in via the display at the front of the unit. Which wasn’t the case as I had the WAN port plugged into my optical networking terminal with a known to be working Ethernet cable. As a result, it couldn’t configure itself when I walked through the setup wizard.

That took me to the second option. I got my MacBook Pro and plugged it into the Unifi Cloud Gateway Max via Ethernet and went to its default IP address to use the web based configuration. But that had exactly the same result. Which is that it didn’t think that the WAN port was plugged into my optical network terminal.

That took me to the final option which is to set up the console offline. Basically, this option lets you enter the configuration that your ISP needs and save it to the Cloud Gateway Max. At that point the device will reboot and connect to your ISP. Then you proceed with the rest of the setup. Which is exactly what happened in my case.

What I can conclude from this experience is that if you have an ISP that plays nice with the Unifi Cloud Gateway Max, I can see the setup of this device taking minutes. But if not, it will take longer as you will have to puzzle through what the issue might be as I had to. Which means that if you decide to look at this product, you should be aware that the setup may not be straightforward and may take some technical know-how to get things working.

Another thing that I should note is that using the offline mode skips past the need to create a Unifi UI account to set things up. Which to be clear is optional, but Ubiquiti recommends that you do it. Now I will mention that having a Unifi UI account will allow one to manage Unifi devices from anywhere, give them the ability to back up configurations to the cloud, and easily deploy new Unifi devices, among other functions. But the other side of that is that anytime you expose something to the Internet for any form of remote access, there’s a risk that you could get pwned. Maybe I am being paranoid on this front. But given the fact that Ubiquiti was kind of pwned via an insider a few years ago, maybe I am not being paranoid. You’ll have to weigh the perceived risk of setting up a Unifi UI account for yourself and your gear and proceed accordingly based on that risk. In my case, this Cloud Gateway Max is never going to have remote access. And that works for my security focused nature.

Once the Unifi Cloud Gateway Max was online, I ensured that the Unifi OS was updated along with the Unifi Network app. The latter being the app that allows you to control all aspects of your network and monitor things. I also set up a weekly check for any updates for both the OS and the Network app, and automatically install updates if required. Now that does break my rule of not allowing things on my network to automatically update themselves. But I went this route because I want to make sure that this device is always up to date with minimal effort as I hear that updates from Ubiquiti are often frequent which is a good thing from a security perspective. The next step for me was to have a look around the management console to see what it offered. Let me get right to the point. This device will allow you to monitor and observe all aspects of your network with incredible levels of detail. Here are three examples of what I mean:

This is the main screen. From here I can monitor what speeds my ISP is giving me so that I can fully ensure that I am getting what I am paying for via automated speed tests that are configurable and live speed monitoring. That’s on the left side. Speaking of speeds, I have gotten speed tests as fast as 1.1 Gbps up and down which makes this the fastest router that I have tested at the time of writing this review. And that was with intrusion detection and prevention turned off. With that security feature turned on, I was consistently getting between 1.06 and 1.08 Gbps up and down. That’s not much of a penalty. Given that Ubiquiti rates this device to do 2.3 Gbps with intrusion detection and prevention turned on, that gives you a fair amount of headroom depending on how fast your Internet connection is.

Now if the stock intrusion detection and prevention doesn’t work for your needs, Ubiquiti offers a subscription to a more enhanced version that is powered by Proofpoint. The core difference between the two is that the signatures that the system uses to detect threats are updated weekly when you choose the paid option. More frequent updates means you reduce your chances of being pwned. And there are way more signatures at play. As in roughly 95K for the paid option versus roughly 55K for the stock option. The $139 a year per cloud gateway cost for this might be worth it for those who really want to protect themselves. In my case, I didn’t go that route as the stock intrusion detection and prevention system is likely going to be good enough for me. Though I may re-evaluate this decision at a later date. I do have a minor gripe about this: I kind of wish that Ubiquiti bundled this service into the price of the Cloud Gateway Max and made it subscription free. Basically what ASUS does with their Trend Micro intrusion detection and prevention product on their routers. But not doing so keeps the price down for those who would never use it.

You’ll note that my uptime with my ISP is 99.8% when I took the above screenshot. That’s because I had a roughly 10 minute outage with Distributel which is highlighted by an orange dot on the green line below the graph in the middle of the screenshot below:

You can monitor the types of traffic that are coming and going from your network, as well as where it is coming from. That can come in handy if you’re trying to identify a device that may be too “chatty” for example. Here’s a look at what this looks like:

You can also get insights as to where your “bad” traffic might be coming from. As evidenced by this screenshot:

There’s a lot more and I am only truly scratching the surface with these examples. But the sorts of insights that you can get from this device easily rival the enterprise grade gear that I usually play with. Now all of the examples above were via the device’s webpage. But you can get the same insights from the app as well which is available on iOS and Android. And what’s really cool is that you can manage all your Unifi gear from a single console. That’s something that is appealing to me as I am thinking about upgrading to Unifi WiFi access points in the future.

Now let’s go to the price. If you want to get the exact version of the Unifi Cloud Gateway Max that I have, which is the base model with no storage, you can expect to pay $269 CDN. If you want storage, then there are 512 GB to 2 TB versions that start at $379 CDN. On top of that, there is a $25 CAD option that allows you to buy your own storage and install it into a Unifi Cloud Gateway Max that doesn’t have storage.

I consider the Unifi Cloud Gateway Max to be Ubiquiti’s “gateway drug” into the Unifi ecosystem. I am pretty impressed by it and I would recommend it for a variety of use cases. Be aware that setting it up might be a bit challenging as this is a device that is a significant step up from “consumer” level networking gear. But once it’s set up, it performs well and gives you a ton of options in terms of how you can use it. All at a price that won’t break the bank.

FBI Issues Alert on foreign threats targeting Ubiquiti routers

Posted in Commentary with tags on March 1, 2024 by itnerd

On Tuesday, a joint Cybersecurity Advisory issued by the FBI, NSA, US Cyber Command and international partners raised concerns regarding foreign state-sponsored cyber actors’ exploitation of compromised Ubiquiti EdgeRouters.

EdgeRouters are particularly vulnerable to compromise as they are shipped with vulnerable default login settings, lack robust firewall settings, and rely on manual firmware updates. Also, the EdgeRouter itself provides an ideal position within the network for threat actors to move laterally or to enable more advanced command-and-control functions.

Threat actors have utilized compromised EdgeRouters to harvest credentials, proxy network traffic and host spear-phishing landing pages and custom tools.

The advisory advises EdgeRouter network defenders and users to:

  • Perform a hardware factory reset
  • Upgrade to the latest firmware version
  • Change any default usernames and passwords
  • Implement strategic firewall rules on WAN-side interfaces

Greg Welch, CEO, CyberProtonics had this to say:

   “The Ubiquiti breach demonstrates an all-too-common scenario where human error leads to the exposure of highly sensitive data. This highlights the need for data encryption as close to the source as possible, establishing true least privileged access controls across the network, and an emphasis on continuous user authentication to prevent unauthorized threat actors.”

Perhaps out of paranoia, or perhaps out of an abundance of caution, I reset my router every few months. I also have some custom firewall rules enabled. Because these days you can’t be too careful.

Ubiquiti Sues Brian Krebs Over His Stories Of Their Data Leak

Posted in Commentary with tags on April 2, 2022 by itnerd

This to me is the perfect example of the Streisand Effect in action. Last year, Ubiquiti Networks had a data leak. And a whistleblower accused the company of massively downplaying it. This story was covered by journalist Brian Krebs who is known for covering computer security from a variety of angles. Ubiquiti came out the next day and really crashed and burned when it came to the response to this story. But it doesn’t end there. The whistleblower was busted for extortion a few months later in relation to this story. And now the latest twist in this story is that Brian Krebs is now being sued for “alleging that he falsely accused the company of ‘covering up’ a cyberattack”:

In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information.

“Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, www.KrebsOnSecurity.com,” the complaint alleged.

This hasn’t gone over well with some people. For example, there’s this Twitter thread that I found:

I would recommend clicking on “read the full conversation on Twitter” as this is a very interesting read. But others on Twitter joined in on being critical of Ubiquiti:

Here’s the bottom line. Ubiquiti may be suing Krebs for compensatory damages of more than $75,000 US, punitive damages of $350,000 US, and all expenses and costs including lawyers’ fees and any further relief deemed appropriate by the court. But this may very well be an unforced error at the end of the day because of the bad PR that this lawsuit is generating, along with the fact that it resurfaces the story about the data breach from last year that most people have forgotten about, which doesn’t make the company look good. And companies have to generate some sort of goodwill to make sales. I think it might be time for Ubiquiti to rethink this as it’s clear to me that the Streisand Effect is in full effect.

A Whistleblower Alleges That Ubiquiti Networks “Massively Downplayed” The Extent Of A Major Security Breach

Posted in Commentary with tags on March 31, 2021 by itnerd

In January, Ubiquiti Networks, which makes enterprise class networking gear, sent out a notification to its customers informing them of a security breach and asking all users to change their account passwords and turn on two-factor authentication.

“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,”

That’s what Ubiquiti said at the time. Now, according to Krebs on Security, a whistleblower “alleges Ubiquiti massively downplayed a ‘catastrophic’ incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.” 

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source — we’ll call him Adam — spoke on condition of anonymity for fear of retribution by Ubiquiti.

“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

Ubiquiti has not responded to repeated requests for comment.

According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”

And there’s more:

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

Such access could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world. According to its website, Ubiquiti has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

If this is true, this is extremely concerning. Especially if your company owns their hardware. Ubiquiti needs to answer this and do so immediately as enterprise users who have their gear and read this may take the nuclear approach and rip their gear out to keep their IT environments secure. What also needs to happen is that there needs to be an investigation to see if Ubiquiti broke the law in this incident. And those at the company who made any decisions to apparently downplay this need to be punished accordingly.