
SonicWall is discontinuing its entire email security range. For organisations currently using a SonicWall Email Security Appliance, the software or the hosted service, this marks the start of a clearly defined countdown. Those who delay the switch risk not only security gaps, but also issues with compliance and availability.
SonicWall is discontinuing its entire email security product range. All three deployment options are affected:
SonicWall’s official end-of-life announcement (early February 2026) specifies the following cut-off dates:
| Phase | Date | Meaning |
|---|---|---|
| Last Order Day (End of Sales) | 30 April 2026 | Last day on which the product can be ordered from SonicWall |
| End of Sale / Start of Limited Retirement Mode | 1 May 2026 | Sales end; only critical security and bug fixes will be provided |
| End of Support | 1 May 2027 | No further technical support, firmware updates or hardware replacements |
| Hosted Email Security deactivation | 2 May 2027 | The hosted service will no longer process redirected emails |
After 1 May 2027, existing customers who continue to operate their appliances, virtual appliances or the software will no longer receive any updates, support or replacements. Remaining stock and associated materials will then no longer be available.
SonicWall cites the significant shift of email infrastructure to the cloud, driven primarily by Microsoft 365 and Google Workspace. The traditional Secure Email Gateway (SEG) technology, on which SonicWall Email Security is based, was designed for purely on-premises email servers and is now considered obsolete in this form.
SonicWall officially recommends that its existing customers switch to cloud-based email infrastructure and, for continued protection, points to an existing partnership with Avanan (now part of Check Point). This means that the path suggested by the manufacturer itself does not lead to a new SonicWall product, but to a third-party provider.
For you as a user, this presents three strategic options, which we evaluate below:
It is tempting to continue using an end-of-life security solution because it still works at first – but this is particularly risky when it comes to email security. Email remains the most significant attack vector: phishing, Business Email Compromise (BEC) and malware attachments are overwhelmingly delivered via email.
There are three clear reasons against continuing to use the solution beyond the end of support:
Rather than generic email account tips (strong passwords, 2FA), the key lies at the organisational level: an effective inbound gateway or platform-based email analysis, correctly configured authentication records, and a well-thought-out migration plan. This is precisely where the following two alternatives come into play – albeit in very different ways.
WatchGuard Email Protection is a cloud-based secure email gateway – and is therefore the most direct replacement, in terms of design, for an existing SonicWall email security installation.
How it works and key features:
Who is it suitable for? WatchGuard Email Protection is particularly well suited to small and medium-sized enterprises looking for a functionally comparable, easy-to-operate gateway replacement and wishing to minimise the migration effort.
Cortex Advanced Email Security from Palo Alto Networks takes a fundamentally different approach. It is not a traditional gateway, but rather an AI-powered email security module within the Cortex platform (Cortex XSIAM or XDR). The solution has been generally available since mid-2025 and is being continuously enhanced.
How it works and key features:
Who is it suitable for? Cortex Advanced Email Security is aimed at organisations with their own Security Operations Centre (SOC) or those seeking to consolidate their security tools onto a single platform. The added value comes from platform-wide correlation – not from isolated mailbox scanning.
→ Cortex Advanced Email Security
The two alternatives address the same starting point at two different levels:
If you are looking for the most seamless possible replacement for an end-of-life appliance or hosted service, WatchGuard is the more obvious choice. If you are already working towards a consolidated, AI-powered security platform with SOC operations, Palo Alto really comes into its own.
| Criterion | WatchGuard Email Protection | Palo Alto Cortex Advanced Email Security |
|---|---|---|
| Product category | Cloud Secure Email Gateway (modernised SEG approach) | AI/platform module within Cortex XSIAM/XDR |
| Basic principle | Filter incoming email traffic | Correlate email threats across the platform |
| Core technology | Reputation- and signature-based filters, anti-spam, anti-phishing and anti-malware, outbound filtering | LLMs, behavioural and intent analysis, cross-domain correlation, automated response |
| Deployment | Pure cloud, redirection via MX record | Integrated into the Cortex platform (part of a SecOps stack) |
| Integration | Microsoft 365, Exchange, Google Workspace | Cortex platform, WildFire, Advanced URL Filtering, identity/endpoint/network data |
| Typical target audience | SMEs and mid-market organisations; direct replacement for SonicWall ES | Organisations with a SOC / platform strategy |
| Administration | Web console, multi-tenant (profiles per user/domain) | Central analyst interface in the Cortex tenant |
| Migration effort | Low (update MX records, set up SPF) | Higher (platform-based decision rather than purely gateway-based) |
Regardless of the solution you choose, protection is shifting from the on-premises device to the cloud. There are three points you should bear in mind during the migration:
An often-overlooked aspect: the end-of-life announcement is also a good opportunity to review the entire security stack. If firewalls or UTM appliances are due for a lifecycle change at the same time, procurement and migration can be combined. In our shop, we offer both new and certified refurbished enterprise hardware – a sensible option if the hardware component of the stack is to be economically upgraded independently of the (cloud-based) email protection.
From 30 April 2026, it will no longer be possible to purchase new licences for SonicWall Email Security; support will end on 1 May 2027; and the hosted service will be shut down on 2 May 2027.
Our recommendation as a SonicWall Mastery Gold Partner:
We’d be happy to assist you in assessing your current situation and selecting the right solution. Simply get in touch via our contact form – our team will be happy to help you plan and implement your migration.