You're on the right track. The sale of a shiny new ADTRAN firewall is most always the best approach. To add a second WAN link (essentially a third interface for a unit with only two physical interfaces), sub-interfaces are the way to go.
Keep in mind that the 3400-series units are designed to process a certain amount of traffic. Throughput may be limited by what the routing engine can handle. Adding a second WAN link may aggravate the situation if you're using fast WAN links, which are becoming common. The ADTRAN pre-sales support team is very helpful and I encourage you to check with them before implementing changes.