We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


SonicWall - can I use NAT router inside to avoid node upgrades?

Medium Priority
Last Modified: 2012-05-06
We have a 10 node sonicwall 190TZ.  It is for a small office of 12 users.  Can I just put a NAT router between the users and the SonicWall, so the SonicWall sees just one IP address, and save myself the 25 node upgrade costs?

woudl there be any downsides to this solutions?

Watch Question

What is the Sonicwall doing for you that the separate NAT router wouldn't do for you?

A good quality NAT router seems like an expensive solution, but it may do so.

However, in terms of logs and auditing, you won't have any usable ones on the Sonicwall, for your inside ips.

Also, the configuration would be difficult to maintain in case you need to forward ports.
The downside of using NAT (POOL) router is that you have to specify any incoming traffic. If you don;t need to do this much, then you have your saving.
If you are talking about branche offices, I imagine you want any-to-any communication between the users/servers.
The additional NAT introduces another Layer 3 hop into your network, and added latency.    The answer is probably you CAN, but you SHOULDN't.

There are a lot of things one CAN do when building a LAN, that one should never do,  and I don't think avoiding a few hundred $$ in license costs is a good reason to do it wrong.

The added NAT router is also another component that can fail, and increases the complexity of your LAN, difficulty maintaining it, difficulty troubleshooting problems, difficulty explaining to people how it works.

And difficulty setting up software in the future that will require inbound connections.

I think the preferred solution would be to just get rid of the sonicwall, and use an unrestricted NAT device with firewalling capabilities.

i.e. an old box with two NICs running pfsense.

Your two _good_ options that reflect proper network design and are least likely to break are either.

(a) Get the Sonicwall  out of the mix

(b) Pay for those licenses

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Irwin W.There are a 1000 ways to skin the technology cat.

THe Sonicwalls are great devices don't get rid of it!  Many manufacturers will charge you by the node.  Unfortunately future expansion may not have been properly planned.

I would recommend that you pay for the 5 node which doubles the number of network clients that can connect.  Besides, you have already have made a significant investment into your Sonicwall it would be fool hardy to start over with another device(I.M.O)

The sonicwall is an ok device, you may find another device that better suits your needs, with smaller ongoing costs, and I strongly suggest you look at all options.
You should analyze based on your business needs and determine what the Sonicwall provides for you, and if it's worth paying for the updates you will need, or if there's a more appropriate option that is more inline with what you want to pay.

Your past investment in the Sonicwall is already worthless, unless it reduces your cost of upgrade sufficiently that maintaining the Sonicwall is now less expensive than picking an alternative.

If that's the case, then your investment in the Sonicwall is worth exactly what it reduces your costs by.   Don't keep a device just because you've already paid something for it,  that's a more costly or not-as-good way to proceed.


All points I cannot argue with!  Was feeling sorry for nonprofit client. But thanks for reminder to always try and find a way stick with best practice.
Thanks nappy_d and others who assisted.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.