You could, but that wouldn't limit your service object count which would be the real target here. If you know anything about the traffic or how it gets identified you could potentially lower your service object count, which is what you really would need to do to continue using your existing PA-5020. If you have applications that don't necessarily need to use the service object, you could remove them and specify application-default so you can lower your service object count. You could also create custom application signatures, but that's more time consuming and you need to capture the traffic flow to build a proper signature.
If you can lower your service object count you could continue to use your PA-5020, since I'm guessing this is the only issue you are running into. If you can't lower your service object count, you need to upgrade your hardware.
... View more