0 comments

Used firewall: FortiGate, SonicWall, Palo Alto

Q: Peut-on utiliser un firewall d'occasion sans abonnement de sécurité actif ?

Oui, pour les fonctions de base : routage stateful, NAT, filtrage IP/port et VPN IPsec fonctionnent sans licence active. En revanche, les fonctions UTM/NGFW avancées (IPS, antivirus de flux, filtrage d'URL, sandboxing) nécessitent un abonnement actif. Une PME avec un réseau bien segmenté peut se contenter des fonctions de base.

Q: Quelle est la différence entre un FortiGate 60E et un 60F d'occasion ?

Le 60E (NP6Lite) délivre 3 Gbps firewall et 200 Mbps UTM. Le 60F (NP6XLite) atteint 10 Gbps firewall et 1 Gbps UTM — soit 5 fois plus performant. Le 60E est en EOL matériel depuis octobre 2024 et ne supporte plus FortiOS au-delà de 7.0.x. Préférez le 60F d'occasion (200–380 €) pour toute installation neuve.

Q: Les licences UTM/NGFW sont-elles incluses avec un firewall reconditionné ?

Non. Les licences (FortiCare, SonicWALL CGSS, Palo Alto subscriptions) sont nominatives et ne se transfèrent jamais avec la revente matérielle. Vérifiez toujours la date d'expiration via le numéro de série sur le portail constructeur avant d'acheter.

Q: Comment vérifier la version firmware d'un FortiGate d'occasion ?

Via CLI (SSH ou port console) : commande get system status affiche la version FortiOS, le numéro de série et le statut des licences. Via interface web HTTPS : System > Dashboard > Status. Consultez docs.fortinet.com pour la dernière branche stable supportée par votre modèle.

Q: Quelle durée de vie peut-on attendre d'un pare-feu d'occasion ?

Un FortiGate ou SonicWall avec 3 à 4 ans d'usage dispose de 4 à 6 ans de vie restante si l'alimentation est saine. Les ASIC réseau (FortiASIC NP, SonicWALL Security Processor) ont une durée de vie de 10 à 15 ans. Vérifiez les heures via get hardware status et l'état des ventilateurs avant achat.

A refurbished firewall costs 40 to 70% less than its new equivalent, but the used firewall market has specific pitfalls. The reason is simple: a firewall is inseparable from its firmware, security licenses (IPS, flow antivirus, URL filtering), and manufacturer support status. A used FortiGate 60E at €120 without active FortiCare will give you a limited UTM throughput of 200 Mbps and no signature base updates — basically a sieve against 2026 threats. In France, three brands dominate the used firewall market: Fortinet (FortiGate), SonicWall, and Palo Alto Networks, all from corporate fleet renewals. This guide explains how to evaluate each model, which pitfalls to avoid, and what you must demand from a serious refurbished firewall reseller.

What you really need to know before buying a used firewall

Firmware, end of life, and supported branches

Each model has a hardware end-of-life (EOL) date and a software end-of-support (EOS) date. Beyond EOS, you no longer receive any security patches — critical for equipment filtering all incoming traffic. Concrete examples:

FortiGate 60E: hardware EOL October 2024, last FortiOS branch = 7.0.x
FortiGate 60F: hardware EOL 2027, supports FortiOS 7.4.x (until end 2026)
SonicWall TZ300: software EOS 2023, no longer supports SonicOS 7.x
Palo Alto PA-220: supports PAN-OS 11.1.x until mid-2027
Palo Alto PA-820: supports PAN-OS 11.2.x, hardware EOL planned for 2028

UTM/NGFW licenses: what never transfers

Security subscriptions (FortiCare, SonicWALL CGSS/EPSS, Palo Alto Threat Prevention, WildFire, DNS Security) are personal and linked to the original owner's contract. They never transfer with hardware resale. What you buy is hardware only. License renewals are done directly with the manufacturer or an authorized partner.

Indicative annual license budget 2026:

FortiGate 60F: FortiCare 360 + UTP Bundle ≈ €350–450/year
SonicWall TZ470: Essentials Pack (EPSS) ≈ €400–550/year
Palo Alto PA-220: Threat Prevention + DNS Security + WildFire ≈ €800–1,200/year

5 questions you must ask your reseller

What is the serial number and expiration date of active licenses?
Has the firewall been reset to factory configuration (factory reset)?
What firmware version is installed and to which version can it be upgraded?
Have all physical interfaces been tested (RJ45 GbE, SFP, console port)?
Is the hardware registered under a partner account allowing support transfer?

Comparison of used firewall models: FortiGate, SonicWall, Palo Alto

The following table covers the most available models on the refurbished firewall market in 2026, with technical specifications, limitations, and indicative prices excluding licenses.

Model	Strengths	Limitations	Refurbished price
FortiGate 60F	10 Gbps firewall, 1 Gbps UTM (NP6XLite), 10 GbE ports, native SD-WAN, SSL-VPN	No 10 GbE port, 2 GB RAM, max 200 VPN tunnels	200–380 €
FortiGate 100F	20 Gbps firewall, 1 Gbps NGFW, 2 SFP+ 10 GbE ports, native active/passive HA	FortiCare annual bundle €700–900/year, 4 GB RAM	600–1 100 €
SonicWall TZ470	3.5 Gbps firewall, 1.5 Gbps Threat Prevention, SD-WAN, 8 GbE + 2 SFP	Depends on CGSS/EPSS subscription for IPS and active URL filtering	380–650 €
Palo Alto PA-220	Full-proxy NGFW App-ID, native application visibility, 4 GbE, PAN-OS 11.x	500 Mbps max SSL inspection, licenses €800–1,200/year	320–580 €
FortiGate 200F	27 Gbps firewall, 3 Gbps NGFW, 16 GbE + 4 SFP+ 10 GbE, HA included, 8 GB RAM	1U rack format, 65 W power consumption, high licenses	1 400–2 200 €

Selection criteria based on your usage

SMEs < 20 workstations: sufficient throughput at lower cost

For a setup with fewer than 20 workstations and fiber Internet access up to 1 Gbps symmetrical, the used FortiGate 60F (€200–380) offers 1 Gbps UTM throughput with active licenses and supports FortiOS 7.4.x until 2027. The SonicWall TZ370 (€150–280) suits a simple NAT + site-to-site VPN configuration on a tight budget. At this scale, Palo Alto is not economically justifiable: licenses alone exceed €800/year for fewer than 20 users.

SMEs 20-100 workstations: balance throughput and inspection

The used FortiGate 100F (€600–1,100) leads with 1 Gbps NGFW, integrated SD-WAN, and 2 10 GbE SFP+ ports for uplink to a used core switch. The SonicWall TZ470 (€380–650) is an alternative if you prefer a simpler management interface. Be sure to check multi-WAN with automatic failover if you have two providers.

ETI > 100 workstations: SSL inspection and advanced VLAN segmentation

The used FortiGate 200F (€1,400–2,200) or the Palo Alto PA-820 (€1,800–3,000) are the natural candidates. The PA-820 offers 1.9 Gbps of App-ID application throughput with full SSL inspection — essential to meet the ANSSI recommendations on information system protection. Plan for €2,000 to €4,000/year in licenses for a fully equipped PA-820.

What itandoffice.com guarantees on refurbished firewalls

A refurbished enterprise firewall is a critical security device. Systematic protocol applied by itandoffice.com:

Complete factory reset: factory reset via CLI (execute factoryreset on FortiGate) — no previous configuration, rules, or credentials remain
Test of all physical interfaces: each RJ45, SFP, and console port individually tested at full throughput
Firmware update: updated to the latest supported stable version (FortiOS, SonicOS, PAN-OS depending on brand)
Hardware license check: verification on manufacturer portal via serial number, expiration date provided in product sheet
24-hour stability test: simulated load (simultaneous TCP/UDP, iperf3) for at least 24 hours
Thermal control: processor and ASIC temperature readings, fan status check before shipment

3-year TCO comparison — FortiGate 100F:

New: €2,800 hardware + €2,100 FortiCare 36 months = €4,900 including tax
Refurbished itandoffice.com: €850 hardware + €2,100 FortiCare 36 months = €2,950 including tax
Savings on total TCO: 40%, or €1,950 over 3 years

30-day money-back satisfaction guarantee. Physical stock in France, delivery in 24–72 hours: France, Belgium, Luxembourg, Switzerland, Netherlands, Germany, United Kingdom, Spain, Italy, Portugal.

FAQ — The 5 most frequently asked questions about second-hand firewalls

Can you use a second-hand firewall without an active security subscription?

Yes, for basic functions: stateful routing, NAT, IP/port filtering, and IPsec VPN work without a license. However, advanced UTM/NGFW features (IPS, flow antivirus, URL filtering, sandboxing, SSL inspection) require an active subscription. A small or medium-sized business with a well-segmented and minimally exposed network can manage with basic functions; an organization with active HTTPS traffic to public services needs inspection licenses.

What is the difference between a used FortiGate 60E and 60F?

The 60E (NP6Lite) delivers 3 Gbps firewall and 200 Mbps UTM. The 60F (NP6XLite) reaches 10 Gbps firewall and 1 Gbps UTM — five times more powerful in content inspection. The 60E is at end of hardware life (EOL October 2024) and no longer receives FortiOS updates beyond 7.0.x. Prefer the refurbished 60F (200–380 €) for any new installation.

Are UTM/NGFW licenses included with a refurbished firewall?

No, never. Licenses (FortiCare, SonicWALL CGSS, Palo Alto subscriptions) are personal and do not transfer with hardware resale. Some resellers offer equipment with recently renewed subscriptions — require proof via the manufacturer portal and serial number. itandoffice.com always indicates license status on each product sheet.

How to check the firmware version of a used FortiGate?

Via CLI (SSH or RJ45 console port): the command get system status displays the FortiOS version, serial number, and license status. Via HTTPS web interface: System > Dashboard > Status. For the 60F, stable branch mid-2026: FortiOS 7.4.x; for the 100F: FortiOS 7.6.x available from Q4 2025.

What lifespan can you expect from a used firewall?

A FortiGate or SonicWall with 3 to 4 years of use has 4 to 6 years of remaining life if the power supply is healthy. Network ASICs (FortiASIC NP, SonicWALL Security Processor) have a hardware lifespan of 10 to 15 years. Check the hours logged via get hardware status on FortiGate — a fan rolling noise signals a failure within 6–18 months.

Conclusion

Buying a used firewall saves 40% on the total TCO over 3 years, provided you follow three rules: check the supported firmware branch, budget licenses separately, and require a documented factory reset. Refurbished FortiGate 60F, 100F, SonicWall TZ470, and Palo Alto PA-220 models cover 90% of the needs of French SMEs and mid-sized companies. Check out the used firewalls catalog or our complete guide to used IT equipment to build a secure infrastructure at a lower cost.

Tags: Firewall occasion, Fortigate occasion, Matériel réseau occasion, Ngfw reconditionné, Palo alto occasion, Pare-feu entreprise, Pare-feu reconditionné, Sécurité réseau pme, Sonicwall occasion, Utm occasion

Previous article Next article

Recover password

Used Firewalls: FortiGate, SonicWall, Palo Alto