Can a UniFi Security Gateway act as a controller?
Published onby Iron
This is a question we get a lot, and it's an understandable one. The UniFi Security Gateway (USG) looks like it should be able to manage your network all by itself. It handles routing, firewall rules, and VPNs. So can it also act as a controller for your UniFi setup?
Let’s break it down.
🚨 Before we dive in, please don't self-host your UniFi Controller if you take care of client networks. Sooner or later this will cause issues! It's fine for home users, but definitely not recommended for IT service businesses and MSPs. If you want secure, reliable and a scalable hosting solution check out UniHosted.
Table of Contents
- What is the UniFi Security Gateway?
- What is the UniFi Controller?
- So can the USG run the controller?
- But wait—what about the newer UniFi gateways like the UDM?
- What happens if I use a USG without a controller?
- What's the workaround if I already own a USG?
- Final Thoughts
What is the UniFi Security Gateway?
The UniFi Security Gateway is essentially a router with some extra brains. It’s designed to plug into your modem and become your network’s firewall and router. It offers features like:
- NAT, firewall, and VLAN support
- VPN configuration
- DHCP server capabilities
- Basic traffic statistics (when paired with a controller)
But it’s not a controller. It never was.
What is the UniFi Controller?
The UniFi Controller (also called the UniFi Network Application) is the actual software that manages your entire UniFi network: Access Points, Switches, Security Gateways (including the USG), and more.
It’s where you configure your networks, manage firmware, see connected clients, and adjust everything from Wi-Fi settings to advanced routing policies. Think of it as the central nervous system of your UniFi deployment.
You can run the UniFi Controller in several ways:
- On a Cloud Key
- On a UniFi Console (like a Dream Machine or UDM Pro)
- On a self-hosted server (Windows, macOS, or Linux)
- Using UniFi’s official cloud hosting
- Or through services like ours at UniHosted
So can the USG run the controller?
No, it can’t.
The USG doesn't have the internal storage or processing capability to run the UniFi Network Application. It's designed to be managed by a controller, not to host one itself.
When you plug in a USG for the first time, it’ll show up as “pending adoption” in your UniFi Controller dashboard. You’ll then need to adopt it just like any other UniFi device.
Once adopted, the controller pushes configurations to it—things like firewall rules, VLANs, and VPN settings. Without a controller, you’re stuck.
But wait—what about the newer UniFi gateways like the UDM?
That’s a different story.
The newer “Dream” line of products—like the UniFi Dream Machine (UDM), Dream Router (UDR), Dream Machine Pro (UDM Pro), and Dream Wall— do include a built-in controller. These are known as UniFi Consoles.
They run UniFi OS and can manage your entire UniFi environment right out of the box. That means you don’t need a separate Cloud Key or server to run the controller software.
So if you’re looking for a “gateway + controller” in one device, you’ll want one of the Dream products, not the USG.
What happens if I use a USG without a controller?
Technically, you can plug in a USG and it’ll hand out IPs and route traffic. But you’ll be operating blind.
You won’t be able to:
- View or manage any of your UniFi devices
- Push firmware updates
- Adjust Wi-Fi settings
- Configure VLANs or advanced routing
- Monitor bandwidth or device status
- Set up alerts or remote access
And even worse, the USG won't retain any configuration beyond its basic routing capabilities if it hasn’t been adopted by a controller. So every reboot might throw things out of whack.
In short: the USG is useless without a controller. It’s not just inconvenient—it’s incomplete.
What's the workaround if I already own a USG?
If you already have a USG, the best move is to pair it with a UniFi Controller. You’ve got several hosting options:
- Cloud Key Gen2 Plus: a small dedicated device that runs the controller
- Self-hosting: if you're comfortable managing servers
- UniFi Consoles: replace your USG with a Dream Machine, which has the controller built in
- UniFi Hosting services: like what we offer at UniHosted. We'll host your controller in the cloud, keep it updated, backed up, and monitored. No hassle, no maintenance on your end.
Final Thoughts
The UniFi Security Gateway is a powerful part of your network, but it’s not a standalone solution. It cannot act as a UniFi Controller. If you're planning to run a UniFi network and already have a USG, make sure you’ve also got a controller in place—whether that’s a Cloud Key, a hosted solution, or one of UniFi's newer all-in-one Consoles.
If you're not keen on managing your own controller, we can help. At UniHosted, we run cloud-hosted UniFi Controllers with zero setup needed on your end. Everything’s backed up, updated, and monitored—so you can just focus on running your network.
Check out our plans or start for free at UniHosted.
If you would like me to personally walk you through UniHosted, you can schedule a call with me here.
We host UniFi Controllers in the Cloud
Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.
Free tier available
Get the best support
Join 1660+ customers
No credit card required