I know this is an old thread, but I landed here as I was looking for clarifications about using my AC68U as an AP today (and it was helpful enough so far).
And I know it's OT w.r.t. the thread's title, but just for those having my same experience, concerning the argument about "why don't remove the SonicWALL at all from the network chain?" (or any other vendor's appliance with the same purpose (Watchguard, ZyWALLs etc.)), I think it's not that simple.
These appliances are usually, at barebones, full-fledged SPI firewalls. There are basic things (e.g. allowing/denying single ports/IPs inbound/outbound) that you can't do with a NAT or basic SPI firewall (or you can with advanced knowledge by messing first-hand with iptables, when offered/possible) that you usually and pretty easily do with dedicated appliances (let alone define objects such as address IP/groups and service/service groups and build firewall policies using them).
Most modern appliances even offer DPI-SSL inspection and proxies with various protocols. Also, most of them are now UTM (Unified Threat Management) devices, offering (invariably paid-for) capabilities such as Intrusion Prevention, anti-spam, antivirus, etc. And while I appreciate a lot some of the recent (remarkably free) McAfee integrations in my Asus, they're still different things.
Last point, not all of the vendors require you to pay for basic firewall/networking functions and firmware upgrades. In my direct experience, Watchguard, SonicWALL and ZyXEL's ZyWALL USGs let you do it for free (SonicWALL requires product registration in their portal first, but that's all). Others want to be paid instead, and that's the case of CheckPoint and Fortinet for example.
Peppe