SonicWall - can I use NAT router inside to avoid node upgrades?

Posted on 2009-02-12
Medium Priority
Last Modified: 2012-05-06
We have a 10 node sonicwall 190TZ.  It is for a small office of 12 users.  Can I just put a NAT router between the users and the SonicWall, so the SonicWall sees just one IP address, and save myself the 25 node upgrade costs?

woudl there be any downsides to this solutions?

Question by:jennynover
LVL 23

Expert Comment

ID: 23628747
What is the Sonicwall doing for you that the separate NAT router wouldn't do for you?

A good quality NAT router seems like an expensive solution, but it may do so.

However, in terms of logs and auditing, you won't have any usable ones on the Sonicwall, for your inside ips.

Also, the configuration would be difficult to maintain in case you need to forward ports.

Expert Comment

ID: 23632954
The downside of using NAT (POOL) router is that you have to specify any incoming traffic. If you don;t need to do this much, then you have your saving.
If you are talking about branche offices, I imagine you want any-to-any communication between the users/servers.
LVL 23

Accepted Solution

Mysidia earned 500 total points
ID: 23641860
The additional NAT introduces another Layer 3 hop into your network, and added latency.    The answer is probably you CAN, but you SHOULDN't.

There are a lot of things one CAN do when building a LAN, that one should never do,  and I don't think avoiding a few hundred $$ in license costs is a good reason to do it wrong.

The added NAT router is also another component that can fail, and increases the complexity of your LAN, difficulty maintaining it, difficulty troubleshooting problems, difficulty explaining to people how it works.

And difficulty setting up software in the future that will require inbound connections.

I think the preferred solution would be to just get rid of the sonicwall, and use an unrestricted NAT device with firewalling capabilities.

i.e. an old box with two NICs running pfsense.

Your two _good_ options that reflect proper network design and are least likely to break are either.

(a) Get the Sonicwall  out of the mix

(b) Pay for those licenses
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

LVL 32

Expert Comment

ID: 23644628
THe Sonicwalls are great devices don't get rid of it!  Many manufacturers will charge you by the node.  Unfortunately future expansion may not have been properly planned.

I would recommend that you pay for the 5 node which doubles the number of network clients that can connect.  Besides, you have already have made a significant investment into your Sonicwall it would be fool hardy to start over with another device(I.M.O)
LVL 23

Expert Comment

ID: 23645759
The sonicwall is an ok device, you may find another device that better suits your needs, with smaller ongoing costs, and I strongly suggest you look at all options.
You should analyze based on your business needs and determine what the Sonicwall provides for you, and if it's worth paying for the updates you will need, or if there's a more appropriate option that is more inline with what you want to pay.

Your past investment in the Sonicwall is already worthless, unless it reduces your cost of upgrade sufficiently that maintaining the Sonicwall is now less expensive than picking an alternative.

If that's the case, then your investment in the Sonicwall is worth exactly what it reduces your costs by.   Don't keep a device just because you've already paid something for it,  that's a more costly or not-as-good way to proceed.

Author Closing Comment

ID: 31546388
All points I cannot argue with!  Was feeling sorry for nonprofit client. But thanks for reminder to always try and find a way stick with best practice.
Thanks nappy_d and others who assisted.

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question