SD-WAN Design for UK Multi-Site Operations
Replace your ageing MPLS or unmanaged broadband mesh with SD-WAN. Application-aware routing sends Microsoft 365, Salesforce, and VoIP down the path that performs best. Automatic failover to 4G/5G keeps a site online when the fibre goes down. Centralised policy lets you push a change to 50 sites in under 10 minutes.
What’s Included
Multi-Vendor Design Capability
We design and deliver on Fortinet (FortiGate Secure SD-WAN), Cisco Meraki, Cisco Catalyst SD-WAN (Viptela), and Aruba EdgeConnect. Vendor recommendation based on your scale, budget, and existing kit — not the latest sales pitch.
Application-Aware Routing
M365, Teams, Salesforce, Zoom and other SaaS apps routed direct via the best-performing internet path — not hairpinned through an HQ firewall. Real-time path selection based on jitter, loss, and latency.
Automatic Failover & Hybrid Backup
Primary fibre + secondary broadband + 4G/5G dongle as tertiary backup. Sub-second failover detection with stateful session continuity for critical apps.
Centralised Policy Management
One policy console, hundreds of sites. Push a security or QoS change once, deploy everywhere. New site rollout in under an hour after WAN delivery.
Embedded SD-WAN Security
IPsec everywhere by default. Optional integrated SWG, IPS, and SASE add-ons depending on platform. Designs include security zoning, not just connectivity.
Migration Roadmap
If you're replacing MPLS, we plan the cutover wave-by-wave with rollback points. We've never had a rollback we couldn't roll back.
DIY vs VantagePoint Professional
Frequently Asked Questions
When does SD-WAN make sense vs sticking with MPLS or basic IPsec?
SD-WAN typically wins above 5–10 sites. Below that, simple IPsec mesh is usually cheaper and good enough. Above 50 sites, SD-WAN is essentially mandatory because per-site management at MPLS pricing is too expensive. Between those points, application performance (M365, voice) and the cost of MPLS are the deciding factors. We can do a quick TCO comparison during a scoping call.
Which SD-WAN platform should we use?
Depends on existing kit, scale, and security needs. If you already run Fortinet firewalls — FortiGate Secure SD-WAN integrates cleanly. If you have Meraki APs and switches — Meraki SD-WAN extends the same dashboard. Cisco shops with mid-to-large scale typically run Catalyst SD-WAN (formerly Viptela). Aruba EdgeConnect is strong for app performance. We'll recommend based on your specifics, not on a partnership tier.
How long does an SD-WAN rollout take?
Design phase: 2–3 weeks for a 10-site deployment, 4–6 weeks for 50+. Rollout phase: typically one site per night or two per week, depending on operational windows. Most projects we run cut over in 6–10 weeks total.
Can we keep our existing firewalls?
Sometimes — depends on the platform. FortiGate firewalls run SD-WAN natively, no replacement needed. With other platforms you may need new edge devices. We make this clear in the design so there are no surprise capital costs.
How do we evidence SD-WAN security to auditors?
SD-WAN provides IPsec encryption between all sites by default, application-level policy, and per-site security logs. We document this as a control set mapped to ISO 27001 / Cyber Essentials / NIS2 / PCI-DSS as relevant. Logs feed into your SIEM if you have one.
Ready to Design Your Network?
Try VP Compass free or book a scoping call with VantagePoint Networks for a fully managed design.