Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall

The Edge firewall can be configured via ACLs (Access Control Lists) or zone-based. I'm more comfortable with list-based configurations, so I stuck with ACLs. Ubiquiti has a guide on zone-based firewall configurations here.

Edge firewall ACLs are configured with series of rulesets. Firewall rulesets are applied to interfaces to filter inbound, outbound, or "local" traffic "Local" traffic is traffic directed at the router itself.

Each Edge firewall ruleset is a list of rules defining action(s) to take on traffic. Firewall rulesets follow top-down logic and act on the first matching rule. Firewall rules are where you specify the traffic you want to accept, drop, or reject. Dropped packets are simply dropped, whereas rejected packets receive an ICMP message saying destination unreachable.

Firewall rules can be created to filter traffic based on IP address, port, protocol, session, fragment status, TCP flags, and time. There are also pre-built peer-to-peer applications that can be filtered including Applejuice, Bittorrent, Directconnect, Edonkey, Gnutella, and Kazaa.

The WAN+2LAN setup wizard in the GUI creates two firewall rulesets: WAN_IN and WAN_LOCAL. These statefulrulesets permit traffic that is part of an established two-way connection or related to an established connection, while all other traffic blocked. These two rulesets essentially enable a stateful firewall on the WAN interface. The below screenshot shows a snippet of the CLI configs for the WAN_IN and WAN_LOCAL firewall rulesets.

firewall

WAN_IN and WAN_LOCAL Firewall Rules

I found using this GUI wizard helpful to get the firewall enabled and to figure out how to create additional firewall rules. You can edit the firewall via the GUI and CLI, and you will have to edit the firewall to get the most out of the Edge. For example, VPN functionality requires editing the firewall rules. Other configurations on the Edge also use rules, such as NAT (Network Address Translations) configurations.

Routing Performance

Let's preface this section by stating that Ubiquiti's EdgeRouters and in particular the EdgeRouter Pro have routing performance beyond our capability to accurately measure it.

Routing performance for the EdgeRouter Pro loaded with v1.4.0 firmware and using our standard test method is summarized below. The throughput results listed in Table 2 are obviously not reflective of the router's actual 8 Gbps spec'd performance. In our review of the EdgeRouter Lite, we measured WAN-LAN at 821 Mbps, LAN-WAN at 772 Mbps and Total Simultaneous Throughput at 1,306 Mbps. After trying different configurations on the EdgeRouter Pro, we've concluded the measured routing performance of the EdgeRouter Pro is beyond our ability to accurately test it. (It's that fast!)

Essentially, these results below are more reflective of our testbed limits instead of the router. (Note, the maximum simultaneous connections result is at the limit of our test process, indicating the EdgeRouter Pro can certainly support enough user sessions.)

Test Description EdgeRouter Pro
WAN - LAN 304.1
LAN - WAN 553.6
Total Simultaneous 736.6
Maximum Simultaneous Connections 30,998
Firmware Version v1.4.0
Table 2: Routing Throughput

For completeness, below is a screenshot of our throughput tests for download and upload speeds.

ubnt_edgerouterpro_up-n-dn

Unidirectional Throughput

Simultaneous up/downlink throughput is shown in the below IxChariot plot.

ubnt_edgerouterpro_updn

Bidirectional Throughput

Closing Thoughts

The Ubiquiti EdgeRouters are first and foremost, extremely fast routers. The previously reviewed EdgeRouter Lite is near the top of our router charts with Total Simultaneous Throughput of 1,306 Mbps and is available for less than $100. The EdgeRouter Pro is rated over 2.5x faster than the EdgeRouter Lite, its performance exceeds our test tool's capability and costs only $399!

I only scratched the surface of the EdgeRouter Pro's capabilities in this review. I successfully tested VPNs, firewall rules, VLANs, dual WAN load-balancing and dynamic DNS following various configuration guides on Ubiquiti's wiki. Clearly, the EdgeRouter Pro offers significantly more features than I could possibly test in a single review.

Ubiquiti bills the EdgeMAX routers as "Advanced Routing Technology for the Masses." Certainly, the EdgeMAX routers are priced for "the Masses," and bring high throughput routing speeds to a very affordable level. However, "the Masses" are more accustomed to GUI-based router configuration and this is where Ubiquiti's OS and documentation come up short. While Ubiquiti has made progress in expanding GUI-based configuration options, you'll still need to use the command line for most anything other than basic setup. This is not a router for novice users!

[Editors note from Tim: To reinforce this point, Doug took twice as long for this review vs. other VPN routers. And he is no stranger to CLI-based router configuration.]

I reviewed Ubiquiti's UniFi Wi-Fi controller software awhile back and complimented Ubiquiti for "pushing the wireless industry to a more economical and flexible solution." I think Ubiquiti has done it again with the EdgeMAX routers, challenging the wired network industry with an economical, fast and flexible routing solution!

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

ChangelogCode: Firmware version 3.0.0.4.384_81351- Release Note - 1. Fixed a DDoS vulnerability.2. Fixed Let's Encrypt related bugs.3. Fixed folder c...
I have an RT-AC86U. Firmware 3.0.0.4.384.45717. Been running great since I got it about a year ago.I signed into the web interface today and notice th...
An update notifier "popped" up today when I logged into my Router. ( GUI )RT-AC66U_B1 Current Version : 3.0.0.4.384_81351-gcb63868This will probably b...
I posted this inquiry on the ZTE forum but got no replies yet.I am having issues changing the firmware on my router.The contract with the ISP ended an...
Hi all, hope everyone is doing fine today.I have a little issue with my iptables which as been setup as a killswitch in the event my VPN fails. The ki...

Don't Miss These

  • 1
  • 2
  • 3