SonicWall - can I use NAT router inside to avoid node upgrades?

Posted on 2009-02-12
Last Modified: 2012-05-06
We have a 10 node sonicwall 190TZ.  It is for a small office of 12 users.  Can I just put a NAT router between the users and the SonicWall, so the SonicWall sees just one IP address, and save myself the 25 node upgrade costs?

woudl there be any downsides to this solutions?

Question by:jennynover
    LVL 23

    Expert Comment

    What is the Sonicwall doing for you that the separate NAT router wouldn't do for you?

    A good quality NAT router seems like an expensive solution, but it may do so.

    However, in terms of logs and auditing, you won't have any usable ones on the Sonicwall, for your inside ips.

    Also, the configuration would be difficult to maintain in case you need to forward ports.
    LVL 3

    Expert Comment

    The downside of using NAT (POOL) router is that you have to specify any incoming traffic. If you don;t need to do this much, then you have your saving.
    If you are talking about branche offices, I imagine you want any-to-any communication between the users/servers.
    LVL 23

    Accepted Solution

    The additional NAT introduces another Layer 3 hop into your network, and added latency.    The answer is probably you CAN, but you SHOULDN't.

    There are a lot of things one CAN do when building a LAN, that one should never do,  and I don't think avoiding a few hundred $$ in license costs is a good reason to do it wrong.

    The added NAT router is also another component that can fail, and increases the complexity of your LAN, difficulty maintaining it, difficulty troubleshooting problems, difficulty explaining to people how it works.

    And difficulty setting up software in the future that will require inbound connections.

    I think the preferred solution would be to just get rid of the sonicwall, and use an unrestricted NAT device with firewalling capabilities.

    i.e. an old box with two NICs running pfsense.

    Your two _good_ options that reflect proper network design and are least likely to break are either.

    (a) Get the Sonicwall  out of the mix

    (b) Pay for those licenses
    LVL 32

    Expert Comment

    THe Sonicwalls are great devices don't get rid of it!  Many manufacturers will charge you by the node.  Unfortunately future expansion may not have been properly planned.

    I would recommend that you pay for the 5 node which doubles the number of network clients that can connect.  Besides, you have already have made a significant investment into your Sonicwall it would be fool hardy to start over with another device(I.M.O)
    LVL 23

    Expert Comment

    The sonicwall is an ok device, you may find another device that better suits your needs, with smaller ongoing costs, and I strongly suggest you look at all options.
    You should analyze based on your business needs and determine what the Sonicwall provides for you, and if it's worth paying for the updates you will need, or if there's a more appropriate option that is more inline with what you want to pay.

    Your past investment in the Sonicwall is already worthless, unless it reduces your cost of upgrade sufficiently that maintaining the Sonicwall is now less expensive than picking an alternative.

    If that's the case, then your investment in the Sonicwall is worth exactly what it reduces your costs by.   Don't keep a device just because you've already paid something for it,  that's a more costly or not-as-good way to proceed.
    LVL 4

    Author Closing Comment

    All points I cannot argue with!  Was feeling sorry for nonprofit client. But thanks for reminder to always try and find a way stick with best practice.
    Thanks nappy_d and others who assisted.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Cisco Switch Swap 1 41
    Windows 10 nic replacing assing ip address 6 34
    Fiber Patch Panel 6 23
    pfSense IP Helper 4 30
    We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
    Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now