Hey there homelabbers, self-hosters, IT-pros, and engineers. Rich here! Just recently, I left pfSense for UniFi. It was a tough decision, but the right one. In a previous video, I landed on and purchased the UDM Pro Max as a replacement for my homebrewed pfSense firewall. Late last year, an opportunity came up to get my hands on an EFG at a great price, and of course, I jumped on it.

Now that I have it, I thought it’d be a great time to compare these two top-end products against each other. Since I don’t answer to Ubiquiti, I’ll give you my honest opinions on whether the EFG really is worth over twice the cost of the UDM Pro Max. Let’s get to testing!

Hardware & Specifications Comparison

CPU Performance

  • UDM Pro Max: Quad-core ARM Cortex-A57 CPU @ 2GHz
  • EFG: 18-core Marvell/Cavium ThunderX2 ARM v8.2 CPU @ 2GHz

Memory

  • UDM Pro Max: 8GB RAM
  • EFG: 16GB RAM

Storage

  • UDM Pro Max: 128GB integrated SSD, dedicated eMMC, and two 3.5” hot-swappable drive bays for additional UniFi applications
  • EFG: No internal storage specifications (does not support running applications other than Network)

Connectivity

  • UDM Pro Max: 8× 1-gig RJ45, 1× 2.5-gig RJ45, 2× 10-gig SFP+
  • EFG: 2× 2.5-gig RJ45, 2× 10-gig SFP+, 2× 25-gig SFP28

Both systems support dynamic WAN assignment to any port.

IDS/IPS Throughput

  • UDM Pro Max: 5 Gbps
  • EFG: 12.5 Gbps

Redundancy & Failover

  • UDM Pro Max: Shadow Mode, gateway failover, DC Power Backup connection
  • EFG: Shadow Mode, gateway failover, dual hot-swappable PSUs

UniFi Application Support

  • UDM Pro Max: Network, Protect, Access, Talk, Connect
  • EFG: Network only

Understanding the Target Market

The UDM Pro Max is the highest-end all-in-one gateway and controller Ubiquiti has to offer. The additional support for Protect, Access, Talk, and Connect applications, combined with good throughput and plenty of connectivity, make it a reasonable choice for a medium-sized business looking to take advantage of all of Ubiquiti’s offerings.

The EFG, however, is really targeting the enterprise segment with a much more powerful CPU, more RAM, significantly higher throughput, and enterprise features like built-in SSL inspection and hardware redundancy. It lacks the extra application support you get with the Pro Max—an interesting decision on Ubiquiti’s part, as I’m sure this system could support it.

The Reality of Throughput Claims

In my previous video, I mentioned choosing the UDM Pro Max because I have a 5-gig Internet connection and wanted to fully utilize it. Fast forward to today, and I’ve noticed some things about that 5-gig throughput rating that have made me question whether the UDM Pro Max can actually move 5 gigabits per second through itself.

I’ve been testing the UDM Pro Max in production, and I have the receipts to prove that it can’t actually do 5-gig—either in firewall packet filtering or in inter-VLAN routing. Now that I have the EFG for comparison, this is the perfect time to shed light on the realities of actual throughput on these systems.

Network Architecture: Router on a Stick

To understand why throughput performance matters for my setup, it’s important to discuss my network configuration: a design commonly called a “Router on a Stick.”

The concept is simple: my firewall acts as both edge protection for the network and as a router that passes packets between VLANs. This allows me to:

  • Control access North to South (to and from the Internet)
  • Control access East to West (between VLANs on my network)

This design allows me to place traffic rules around network traffic flows between different VLANs. For example, I want my IoT network to access the Internet, but I also want to reach into my IoT network from my server network so my smart home services can access those IoT devices. By passing everything through the firewall, I can create rules that control these flows exactly how I want them.

Performance Testing

Internet Throughput: UDM Pro Max

Starting with firewall throughput to the Internet through the UDM Pro Max:

Result: 3.79 Gbps download / 4.71 Gbps upload

These aren’t bad numbers, but it’s not the 5 Gbps Internet speed I’m paying for.

Internet Throughput: EFG (Fresh Installation)

Testing the EFG before deploying it into my network with clients:

Result: 5.29 Gbps download / 5.51 Gbps upload

Clearly much better, but was this because there were no clients connected?

Internet Throughput: EFG (Production with Clients)

After importing my configuration and putting the EFG in production with clients:

Result: 5.08 Gbps download / 5.41 Gbps upload

Despite production traffic and connected clients, the EFG maintains strong throughput. The difference between these units is clearly significant.

I want to reiterate that I ran these tests repeatedly, and the results were consistently similar each time. The EFG is demonstrably capable of handling more throughput to the Internet than the UDM Pro Max.

Inter-VLAN Routing Throughput

Using iperf3 to test routing traffic between a VM on my server VLAN and a VM on my client VLAN (both connected via 10-gigabit connections):

UDM Pro Max Result: 3.02 Gbps

Considering the 10-gigabit connections, that’s not great.

EFG Result: 5.06 Gbps

Over 2 gigabits per second faster than the UDM Pro Max—a significant improvement.

Analysis

There’s clearly a performance difference between the two units, which I’d expect given the hardware differences and cost disparity. Fundamentally, it appears both units suffer from the same issue pfSense has with routing: they use the CPU to handle moving packets between networks, tying performance to CPU clock speeds and thread counts.

I had hoped that with the EFG, Ubiquiti might have added an ASIC or dedicated silicon for routing tasks, but it doesn’t appear they did.

Honest Assessment

The UDM Pro Max

At $599, the UDM Pro Max’s ability to be your all-in-one controller for all UniFi products is its big selling point. For small or medium businesses, this price tier is reasonable. Having dual redundant storage for video and additional SSD storage for Ubiquiti apps makes it a solid choice on the higher end.

For homelabbers with slower Internet speeds, you can get a UDM Pro for $379—perfect if you have 1Gig Internet or less.

However, I don’t think Ubiquiti is being honest about the unit’s 5-Gig throughput capability. I’ve never been able to fully utilize my 5-gig Internet connection, and before comparing with the EFG, I thought my ISP was the bottleneck. Turns out they aren’t, and the UDM Pro Max was.

Since that performance rating was a key selling point for choosing the UDM Pro Max over the regular UDM Pro, I’m frankly a little upset about this. Combined with its lackluster inter-VLAN routing capability, it’s left me feeling somewhat cheated.

The Enterprise Fortress Gateway

At $1,999, the EFG’s price is on another planet entirely. Ubiquiti is clearly targeting a different market segment, one I’m not entirely certain they understand how to sell to yet—and I think that shows.

Yes, it has server-class silicon. Yes, it has 25-gig connectivity. Yes, it’s clearly able to handle faster Internet connections. Yes, it can move more bits than the UDM Pro Max. But its inter-VLAN routing is only incrementally better and nowhere near even 10 gigabit performance.

It does have enterprise-level features like SSL inspection (typically only seen in enterprise firewalls) and redundant power supplies, but outside of that, I’m not really seeing anything that makes it enterprise-grade.

The Real Story

If you’re buying either of these systems, you’re probably not doing so because you want the best hardware performance possible. You’re buying them for the UniFi user experience. And that’s not nothing! Most of us buy into their hardware stack because of the dashboard, tight integration, and that sweet, sweet single pane of glass.

The biggest takeaway here is that there is more performance available the more money you spend on their hardware. But knowing that while you might be connected at 10-gig or 25-gig, your actual throughput will be significantly less.

Closing

Thanks for reading, and thanks to everyone who supports this work through Patreon and YouTube Memberships. If you’d like to support what we do, consider checking those out. Join our community Discord and chat with fellow homelabbers, geeks, and nerds.

See you on the next one!