3. July 2026
Lesezeit: ca. 6 Minuten
Linda Fritzler

SonicWall Email Security is being discontinued: alternatives from WatchGuard and Palo Alto

SonicWall is discontinuing its entire email security range. For organisations currently using a SonicWall Email Security Appliance, the software or the hosted service, this marks the start of a clearly defined countdown. Those who delay the switch risk not only security gaps, but also issues with compliance and availability.

This is being phased out at SonicWall

SonicWall is discontinuing its entire email security product range. All three deployment options are affected:

  • The Email Security software
  • All physical and virtual appliances (all models)
  • The Hosted Email Security service

SonicWall’s official end-of-life announcement (early February 2026) specifies the following cut-off dates:

Phase Date Meaning
Last Order Day (End of Sales) 30 April 2026 Last day on which the product can be ordered from SonicWall
End of Sale / Start of Limited Retirement Mode 1 May 2026 Sales end; only critical security and bug fixes will be provided
End of Support 1 May 2027 No further technical support, firmware updates or hardware replacements
Hosted Email Security deactivation 2 May 2027 The hosted service will no longer process redirected emails

After 1 May 2027, existing customers who continue to operate their appliances, virtual appliances or the software will no longer receive any updates, support or replacements. Remaining stock and associated materials will then no longer be available.

Why SonicWall is discontinuing its email security solution

SonicWall cites the significant shift of email infrastructure to the cloud, driven primarily by Microsoft 365 and Google Workspace. The traditional Secure Email Gateway (SEG) technology, on which SonicWall Email Security is based, was designed for purely on-premises email servers and is now considered obsolete in this form.

SonicWall officially recommends that its existing customers switch to cloud-based email infrastructure and, for continued protection, points to an existing partnership with Avanan (now part of Check Point). This means that the path suggested by the manufacturer itself does not lead to a new SonicWall product, but to a third-party provider.

For you as a user, this presents three strategic options, which we evaluate below:

  1. follow SonicWall’s recommendation (Check Point/Avanan),
  2. choose a direct gateway replacement (WatchGuard Email Protection),
  3. integrate the protection into a comprehensive SecOps platform (Palo Alto Cortex Advanced Email Security).

Why ‘continuing to use’ is not an option

It is tempting to continue using an end-of-life security solution because it still works at first – but this is particularly risky when it comes to email security. Email remains the most significant attack vector: phishing, Business Email Compromise (BEC) and malware attachments are overwhelmingly delivered via email.

There are three clear reasons against continuing to use the solution beyond the end of support:

  • No more security updates. New vulnerabilities in the appliance or software will no longer be addressed after 1 May 2027. An unpatched security component at the email gateway is a contradiction in terms.
  • Compliance and regulatory risks. For many companies in the DACH region, the implementation of NIS2 is tightening the requirements for technical and organisational security measures. Deliberately continuing to operate a security solution that is no longer supported is difficult to justify to regulators, auditors or insurers. Added to this are the GDPR’s accountability requirements regarding the processing of personal data in emails.
  • Operational risk in the event of hardware failure. Without spare parts and hardware replacement, any fault in a physical appliance becomes an emergency with no safety net.

Rather than generic email account tips (strong passwords, 2FA), the key lies at the organisational level: an effective inbound gateway or platform-based email analysis, correctly configured authentication records, and a well-thought-out migration plan. This is precisely where the following two alternatives come into play – albeit in very different ways.

Alternative 1: WatchGuard Email Protection

WatchGuard Email Protection is a cloud-based secure email gateway – and is therefore the most direct replacement, in terms of design, for an existing SonicWall email security installation.

How it works and key features:

  • Purely cloud-based operation, no on-premises infrastructure. All checks take place in the WatchGuard cloud. The migration is essentially carried out by changing the MX records – incoming emails are routed via WatchGuard for checking and then delivered to your mail server.
  • Multi-layered protection against spam, phishing and malware, including ransomware, with anti-phishing mechanisms such as link tracking and detection of malicious scripts.
  • Outbound filtering and bounce management: Outgoing emails are also scanned for spam and viruses, which protects your domain’s delivery reputation.
  • Centralised quarantine and web console: Administrators manage security profiles by user, domain or organisation and can release messages with a single click. Email Live Tracking offers real-time log analysis, including SMTP traces and headers.
  • Integrations for Microsoft 365, Microsoft Exchange and Google Workspace are documented – meaning the solution covers both pure cloud and hybrid environments.

Who is it suitable for? WatchGuard Email Protection is particularly well suited to small and medium-sized enterprises looking for a functionally comparable, easy-to-operate gateway replacement and wishing to minimise the migration effort.

WatchGuard Email Protection

Alternative 2: Palo Alto Networks Cortex Advanced Email Security

Cortex Advanced Email Security from Palo Alto Networks takes a fundamentally different approach. It is not a traditional gateway, but rather an AI-powered email security module within the Cortex platform (Cortex XSIAM or XDR). The solution has been generally available since mid-2025 and is being continuously enhanced.

How it works and key features:

  • Intent analysis using generative AI: Rather than relying solely on signatures and keywords, the solution utilises large language models (LLMs), behavioural analysis and user profiles to assess the actual intent behind a message. This specifically targets modern, AI-generated phishing and BEC attacks that no longer exhibit traditional tell-tale signs such as grammatical errors.
  • Cross-domain correlation: Email signals are linked with data from identity, endpoint, network, cloud and SaaS sources. This enables an attack to be traced from the initial lure through to follow-up activities such as credential theft or lateral movement.
  • In-depth content analysis of URLs and attachments via Advanced URL Filtering and Advanced WildFire, supplemented by risk scoring to reduce alert fatigue.
  • Automated response: Malicious emails are removed, compromised accounts are blocked and endpoints are isolated in real time – reducing response times from hours to minutes.

Who is it suitable for? Cortex Advanced Email Security is aimed at organisations with their own Security Operations Centre (SOC) or those seeking to consolidate their security tools onto a single platform. The added value comes from platform-wide correlation – not from isolated mailbox scanning.

Cortex Advanced Email Security

Gateway Replacement vs. Platform Approach

The two alternatives address the same starting point at two different levels:

If you are looking for the most seamless possible replacement for an end-of-life appliance or hosted service, WatchGuard is the more obvious choice. If you are already working towards a consolidated, AI-powered security platform with SOC operations, Palo Alto really comes into its own.

Criterion WatchGuard Email Protection Palo Alto Cortex Advanced Email Security
Product category Cloud Secure Email Gateway (modernised SEG approach) AI/platform module within Cortex XSIAM/XDR
Basic principle Filter incoming email traffic Correlate email threats across the platform
Core technology Reputation- and signature-based filters, anti-spam, anti-phishing and anti-malware, outbound filtering LLMs, behavioural and intent analysis, cross-domain correlation, automated response
Deployment Pure cloud, redirection via MX record Integrated into the Cortex platform (part of a SecOps stack)
Integration Microsoft 365, Exchange, Google Workspace Cortex platform, WildFire, Advanced URL Filtering, identity/endpoint/network data
Typical target audience SMEs and mid-market organisations; direct replacement for SonicWall ES Organisations with a SOC / platform strategy
Administration Web console, multi-tenant (profiles per user/domain) Central analyst interface in the Cortex tenant
Migration effort Low (update MX records, set up SPF) Higher (platform-based decision rather than purely gateway-based)

Cloud rather than a traditional appliance

Regardless of the solution you choose, protection is shifting from the on-premises device to the cloud. There are three points you should bear in mind during the migration:

  • MX records and email flow: With a gateway approach such as WatchGuard, email flow is redirected via the MX records. Allow for a clean migration window and remove old MX entries completely to avoid delivery issues.
  • Strengthen authentication: Set up or update SPF, DKIM and DMARC. These records form the basis for protection against spoofing and brand impersonation – modern solutions actively evaluate them.
  • Data residency and the GDPR: With cloud-based scanning, your emails temporarily leave your infrastructure. Clarify the processing location (for EMEA, WatchGuard offers regional infrastructure, for example) and the processing of personal data in accordance with the GDPR – this is particularly important evidence in the context of NIS2.

An often-overlooked aspect: the end-of-life announcement is also a good opportunity to review the entire security stack. If firewalls or UTM appliances are due for a lifecycle change at the same time, procurement and migration can be combined. In our shop, we offer both new and certified refurbished enterprise hardware – a sensible option if the hardware component of the stack is to be economically upgraded independently of the (cloud-based) email protection.

Conclusion: Plan your migration now

From 30 April 2026, it will no longer be possible to purchase new licences for SonicWall Email Security; support will end on 1 May 2027; and the hosted service will be shut down on 2 May 2027.

Our recommendation as a SonicWall Mastery Gold Partner:

  1. Assess your current situation: Which deployment model (appliance, software, hosted) is currently in use, and is the email infrastructure already running in the cloud (Microsoft 365 / Google Workspace) or still on-premises?
  2. Select your target scenario: Direct gateway replacement (WatchGuard) or platform consolidation (Palo Alto Cortex) – depending on size, SOC maturity and security strategy.
  3. Schedule the migration: Plan the transition well in advance of the end of sales to avoid pressure and ensure that parallel test operations remain possible.

We’d be happy to assist you in assessing your current situation and selecting the right solution. Simply get in touch via our contact form – our team will be happy to help you plan and implement your migration.

Service Hotline
+49 (0)391 8358-419549
Mon-Thu, 9:00 a.m. - 4:30 p.m. and Fri, 9:00 a.m. - 3:00 p.m.
(at standard landline rates; mobile phone rates depend on the respective mobile phone provider)
eyeusercalendar-fullmagnifiercrosslistchevron-leftchevron-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram