SD-WAN Branch Resilience: 4G/5G LTE Failover in Saudi Arabia

Branch site resilience is the unsung use case for SD-WAN. The headline benefits — application-aware routing, MPLS replacement, cost savings — get attention. The everyday benefit is keeping branches running when something fails. 4G/5G LTE failover via SD-WAN is the architecture that delivers branch-level resilience without the cost of dual fibre circuits. This piece walks through LTE failover for Saudi multi-site operations.

The branch resilience problem

Saudi branch sites — retail stores, hotel properties, logistics depots, healthcare clinics — depend on connectivity for: payment processing (POS, card readers), inventory and ERP systems, video surveillance back-haul, voice (VoIP), email and collaboration, security monitoring.

When the primary internet circuit fails, all of these stop. The failure modes: fibre cuts (construction work, road work), carrier outages (rare but disruptive), modem failures, electrical issues affecting carrier equipment.

For retail and hospitality especially, branch downtime directly costs revenue. A hotel with no internet for 4 hours during weekend check-in chaos is operationally crippled. A retail store unable to process card payments loses sales for the duration.

LTE failover use cases

Primary failover. When primary fibre fails, traffic automatically reroutes via 4G/5G LTE. SD-WAN policy detects the failure (typically within 10-30 seconds) and shifts traffic. Critical applications continue working at reduced bandwidth.

Bandwidth augmentation. When fibre is congested, SD-WAN can route specific applications via LTE to relieve congestion. Common during busy retail seasons.

Out-of-band management. LTE provides management access to SD-WAN edge device even when primary connectivity is fully down. Engineers can troubleshoot remotely.

Pop-up or temporary sites. Construction sites, event venues, temporary retail. LTE-as-primary deployments with no fibre needed.

4G vs 5G considerations

4G LTE: Mature, available across virtually all populated KSA. Speeds 30-150 Mbps typical. Latency 30-80ms. Adequate for most failover scenarios.

5G: Available in major Saudi cities and increasingly in smaller centres. Speeds 200-1000+ Mbps. Latency 10-30ms. Approaching fibre-equivalent for most use cases.

For failover purposes, 4G is usually sufficient — the goal is “keep critical traffic flowing”, not match primary fibre performance. 5G failover delivers near-primary performance but at higher device and data costs.

Saudi carrier LTE/5G coverage

STC: Largest 5G footprint in KSA. Strong 4G coverage everywhere. Premium pricing.

Mobily: Strong 5G in major cities. Competitive pricing for enterprise data plans.

Salam: Growing 5G presence. Competitive pricing. Often used as the secondary carrier for failover.

Best practice for failover: use a different carrier than your primary fibre. If primary fibre is STC, use Mobily or Salam SIM for LTE failover. This protects against carrier-wide outages.

Hardware approaches

Modem cards inside SD-WAN edge device. Cleanest deployment. The SD-WAN device has a modem slot; insert SIM. Auto-failover handled internally. Brands: Cisco Meraki MX with built-in cellular, Cisco Viptela ISR/vEdge with cellular cards, Fortinet FortiGate with cellular module.

External cellular modem. Standalone modem (Sierra Wireless, Cradlepoint, MoFi) connects to SD-WAN edge device via Ethernet WAN port. More flexible (can swap modems independently); slightly more complex.

Dedicated cellular router. For pop-up or LTE-only sites, a cellular router (Cradlepoint NetCloud, Cisco IR1101) handles WAN routing entirely via LTE. SD-WAN edge becomes redundant or simplified.

Cost models

Saudi LTE data plans for enterprise failover typically:

• 5-50 GB/month: SAR 100-300/month
• 50-200 GB/month: SAR 250-700/month
• Unlimited: SAR 500-1,500/month

5G plans run 30-50% premium over equivalent 4G plans.

For most failover use cases, 50 GB/month plans are sufficient — failover events are typically infrequent and short. For LTE-as-primary or LTE-as-major-augmentation, larger plans needed.

Security considerations

LTE failover creates a different security path than primary fibre. Traffic flows through carrier’s mobile network. Security implications:

• VPN and SD-WAN tunnel encryption protects traffic over LTE the same as over fibre — no new exposure
• Carrier-grade NAT in mobile networks affects some applications (rare for typical business traffic)
• SIM provisioning and theft considerations — physical SIM cards can be removed/stolen; eSIM and SIM lock features mitigate
• Static IP via APN configuration possible for inbound services (where needed)

The SLA conversation

Carrier mobile data SLAs are typically weaker than fixed-line SLAs. The SLA conversation:

• What’s the carrier’s commitment for mobile data uptime?
• What’s the response time for cellular issues?
• Is the SIM provisioned with priority QoS (some carriers offer priority APN tiers)?

For business-critical sites, multiple LTE failover circuits (different carriers) provides redundancy at the failover layer too.

Get help with branch resilience design

For SD-WAN with LTE failover deployment across Saudi branch operations, contact our team. Pair with networking services, cyber security, and IT support.