SonicWall - can I use NAT router inside to avoid node upgrades?

We have a 10 node sonicwall 190TZ.  It is for a small office of 12 users.  Can I just put a NAT router between the users and the SonicWall, so the SonicWall sees just one IP address, and save myself the 25 node upgrade costs?

woudl there be any downsides to this solutions?

Who is Participating?
MysidiaConnect With a Mentor Commented:
The additional NAT introduces another Layer 3 hop into your network, and added latency.    The answer is probably you CAN, but you SHOULDN't.

There are a lot of things one CAN do when building a LAN, that one should never do,  and I don't think avoiding a few hundred $$ in license costs is a good reason to do it wrong.

The added NAT router is also another component that can fail, and increases the complexity of your LAN, difficulty maintaining it, difficulty troubleshooting problems, difficulty explaining to people how it works.

And difficulty setting up software in the future that will require inbound connections.

I think the preferred solution would be to just get rid of the sonicwall, and use an unrestricted NAT device with firewalling capabilities.

i.e. an old box with two NICs running pfsense.

Your two _good_ options that reflect proper network design and are least likely to break are either.

(a) Get the Sonicwall  out of the mix

(b) Pay for those licenses
What is the Sonicwall doing for you that the separate NAT router wouldn't do for you?

A good quality NAT router seems like an expensive solution, but it may do so.

However, in terms of logs and auditing, you won't have any usable ones on the Sonicwall, for your inside ips.

Also, the configuration would be difficult to maintain in case you need to forward ports.
The downside of using NAT (POOL) router is that you have to specify any incoming traffic. If you don;t need to do this much, then you have your saving.
If you are talking about branche offices, I imagine you want any-to-any communication between the users/servers.
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

nappy_dThere are a 1000 ways to skin the technology cat.Commented:
THe Sonicwalls are great devices don't get rid of it!  Many manufacturers will charge you by the node.  Unfortunately future expansion may not have been properly planned.

I would recommend that you pay for the 5 node which doubles the number of network clients that can connect.  Besides, you have already have made a significant investment into your Sonicwall it would be fool hardy to start over with another device(I.M.O)
The sonicwall is an ok device, you may find another device that better suits your needs, with smaller ongoing costs, and I strongly suggest you look at all options.
You should analyze based on your business needs and determine what the Sonicwall provides for you, and if it's worth paying for the updates you will need, or if there's a more appropriate option that is more inline with what you want to pay.

Your past investment in the Sonicwall is already worthless, unless it reduces your cost of upgrade sufficiently that maintaining the Sonicwall is now less expensive than picking an alternative.

If that's the case, then your investment in the Sonicwall is worth exactly what it reduces your costs by.   Don't keep a device just because you've already paid something for it,  that's a more costly or not-as-good way to proceed.
jennynoverAuthor Commented:
All points I cannot argue with!  Was feeling sorry for nonprofit client. But thanks for reminder to always try and find a way stick with best practice.
Thanks nappy_d and others who assisted.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.