How to set up redundant internet for your business

A single internet connection is the most overlooked single point of failure in a small business. The firewall is redundant, the server has dual power supplies, the switch has a UPS behind it, the file shares are backed up nightly to two locations. Then the one fiber line into the building cuts out at 11am and nothing works. The phones go dark. The card readers stop. Microsoft 365 loads but cannot save. Customers in the store see a paper sign on the counter. The IT generalist calls the ISP and gets a 4-to-8-hour repair window.

Most small businesses live one ISP technician away from a full-day outage. The fix is not glamorous and it is not expensive at SMB scale, but it does require deciding what level of redundancy the business actually needs and then building the network so that one cable, one ISP, or one circuit failure does not stop work.

This article covers why a single connection is the wrong baseline for most modern businesses, the three real failover options at SMB scale (dual ISP, 4G/5G backup, SD-WAN load balancing), how automatic failover works in practice, how to size the backup connection so it actually carries production traffic, which services break first when the primary goes down, and the cost math against the cost of downtime. It is written for owners and IT generalists who already know they have a problem and are trying to decide what to actually buy.

Short answer: do you need redundant internet

You need redundant internet if any of the following are true: you take phone calls or payments over the internet (VoIP, card readers, cloud POS), your team works in cloud apps all day (Microsoft 365, Salesforce, Google Workspace), you have employees or customers who notice when systems go down, or your business has any compliance requirement around availability. That is most modern small businesses.

You can probably get by without redundant internet if your team does mostly local work, your phone system is on traditional copper, your payment processing is offline-capable, and your customers do not interact with your systems in real time. That is a shrinking list.

The realistic SMB price tag for meaningful redundancy is $50 to $200 per month plus a one-time $300 to $1,500 for hardware. Compared to the cost of even a single 4-hour outage during business hours, the math almost always favors redundancy.

Redundant internet at a glance

Option	What it adds	Typical cost	Failover speed	Best for
Single ISP only	Nothing – this is the baseline	$50-$300/mo	N/A (no failover)	Businesses that genuinely tolerate outages
Cellular hotspot (manual)	Backup connection a person plugs in	$30-$80/mo	Minutes (manual swap)	Tiny offices, very rare outages
Dual-WAN firewall + cellular	Automatic failover to LTE/5G	$80-$180/mo	15-60 seconds	Most SMB single-office scenarios
Dual ISP (two wired carriers)	Two independent wired connections	$150-$500/mo	15-60 seconds	Businesses where wired uptime matters
Dual ISP + cellular failover	Three-way redundancy	$200-$600/mo	15-60 seconds	VoIP, payment processing, multi-shift
SD-WAN with multiple links	Sub-second failover, application routing	$300-$800/mo	Sub-second	Multi-site, real-time traffic, call centers

The right answer for most single-office SMBs is “dual-WAN firewall plus a cellular failover with a properly sized backup plan.” That is the sweet spot for cost vs reliability. SD-WAN is the right answer when you have multiple locations or workloads that cannot tolerate a 30-second blip.

Why a single internet connection is a single point of failure

Internet outages at small businesses come from a small number of recurring causes. Knowing which ones actually hit you is the first step.

ISP equipment failure. The ISP’s modem or ONT in your building fails. This usually shows up as a steady-on red light on the modem and silence from the link. Repair is a truck roll, typically 4 to 24 hours.

Local cable or fiber damage. Construction crew cuts a buried fiber down the street. A squirrel chews through aerial cable. A vehicle hits a junction box. These are regional events that take everyone on that route offline at once. Repair is typically 4 to 12 hours but can stretch to multiple days.

Upstream provider issues. The ISP itself has a routing problem, a peering dispute, or a backbone outage. Your modem looks healthy, the link light is green, but no traffic flows. Resolution depends on the ISP and is often invisible from your side until they post a status page update.

Power loss at the ISP’s hut. Less common with modern ISPs but still happens. Your modem stays online (it has its own UPS) but the upstream is dead.

Building power loss. Your modem and firewall lose power. A UPS extends survival by 30 to 90 minutes; beyond that the local network goes down regardless of whether the ISP is up.

ISP maintenance windows. Most ISPs do scheduled maintenance overnight. If you operate 24/7 (some retail, hospitality, healthcare, manufacturing) those windows hit production hours.

Configuration changes that go wrong. A firmware update on the modem, a configuration change at the ISP, a misconfigured BGP advertisement. These are short outages but they happen, and the timing is unpredictable.

A single-ISP business is exposed to all seven of these. A dual-ISP business with two carriers riding different physical paths is exposed to maybe two of them (building power, configuration changes that affect both). The reduction in exposure is dramatic.

The three real failover options at SMB scale

The market has settled on three approaches that actually work for small businesses. Forget MPLS, dedicated leased lines, and SLA-backed enterprise contracts unless your business model genuinely requires them.

1. Dual ISP – two wired carriers

Two independent internet connections from two different ISPs running into the same firewall. The firewall picks one as primary and uses the other when the primary fails. This is the cleanest form of redundancy because both connections are wired, both are stable, and you can run a meaningful load over either one.

The critical detail most businesses miss: the two connections should ride different physical paths. A fiber connection from Carrier A and a cable connection from Carrier B that both use the same conduit under the street go down together when a backhoe hits the conduit. Diverse paths matter more than diverse logos.

Real diversity at SMB scale typically means: fiber from one carrier (Comcast Business, AT&T Fiber, Frontier, Lumen) plus cable from another (Spectrum, Cox), or fiber plus fixed wireless (T-Mobile Business Internet, Verizon LTE Business Internet). Two fiber connections from different carriers in the same conduit are not real diversity.

Cost: Two business-class connections typically run $150 to $500 per month combined for an SMB. The secondary does not have to match the primary in speed – more on sizing below.

When it fits: Single-office or multi-office businesses where the wired connection is the workhorse and you want a real wired backup.

2. Cellular failover – 4G LTE or 5G as backup

A dual-WAN firewall (or a separate cellular failover router) with a wired primary connection and an LTE or 5G connection as backup. When the wired link drops, the firewall automatically routes traffic over cellular until wired comes back.

This is the most cost-effective option for most single-office SMBs. Cellular has gotten dramatically better in the last five years. T-Mobile Business Internet, Verizon Business 5G, and AT&T Business Wireless all offer plans with enough bandwidth to carry a small office for the duration of a typical outage. Speeds of 50 to 200 Mbps down and 10 to 30 Mbps up are common, depending on signal quality and tower load.

Cost: $30 to $80 per month for a dedicated business cellular plan. Hardware is a $300 to $800 cellular gateway (Cradlepoint, Peplink, Sierra Wireless) or a firewall with built-in LTE (some Meraki, Fortinet, Ubiquiti models).

When it fits: Single-office businesses, businesses where the secondary connection is genuinely a backup (not a primary), and locations where wired diversity is hard to achieve.

Caveats. Cellular signal in your specific building matters more than the carrier’s marketing. Test before committing. A basement office or a location surrounded by metal will get poor signal regardless of which carrier you pick. External antennas help in marginal locations.

3. SD-WAN with multiple links – sub-second failover

SD-WAN treats multiple internet connections as a single logical pipe and routes traffic intelligently across them. Where dual-WAN firewall failover is “primary fails, switch to secondary in 30 seconds,” SD-WAN is “use both connections all the time, route each application over the best link, fail over in under a second when one degrades.”

For most single-site SMBs, SD-WAN is overkill. For businesses with real-time traffic that cannot tolerate even a brief blip – call centers, medical practices on phone bookings, retail with cloud POS, multi-site operations – SD-WAN is genuinely the best answer. The detailed comparison of when SD-WAN earns its cost vs when a dual-WAN firewall is enough is in the SD-WAN article.

Cost: $300 to $800 per month per site all-in (appliance, license, multiple connections, optionally managed services). Higher than dual-WAN failover, much lower than legacy MPLS.

When it fits: Multi-site businesses, single-site businesses with real-time critical traffic, businesses with compliance frameworks that benefit from centralized policy.

How automatic failover actually works

The marketing says “automatic failover.” The reality is that there are several different failover mechanisms and they behave very differently.

Link-state failover (the simplest, slowest, least useful)

The firewall watches whether the WAN port has a physical link. If the cable goes dead or the modem powers off, link state drops, and the firewall switches to the secondary. This catches modem failures and cable cuts but misses upstream outages where the link stays up but no traffic flows.

Health-check failover (what you actually want)

The firewall pings a target on the internet (typically 8.8.8.8, 1.1.1.1, or a custom target) every few seconds. If the pings stop responding, the firewall declares the primary down and switches to the secondary even though link state is still green. This catches upstream outages, peering issues, and ISP-side problems that link-state alone misses.

Health-check failover is the standard on every modern business firewall (Meraki MX, Fortinet, SonicWall, Ubiquiti UniFi, Watchguard, Sophos, pfSense). Configure two or three health-check targets, set the interval to 5 seconds and the threshold to 3 missed responses, and failover happens reliably in 15 to 30 seconds.

Application-aware failover (SD-WAN territory)

SD-WAN goes further: it measures latency, jitter, and packet loss continuously on each link and shifts specific applications to whichever link has the best quality at that moment. A VoIP call experiencing jitter on the primary fiber connection can be moved to the cable backup mid-call without dropping. This is sub-second and per-application.

Stateful failover (sessions survive)

When the firewall fails over from primary to secondary, existing connections (TCP sessions, VoIP calls, video streams) typically drop. Stateful failover keeps the session table synced across both WAN links so existing connections survive the cut. Available on most business firewalls but often requires specific configuration. Most SMBs do not configure it because the operational complexity is not worth it for their workloads.

Failback – the part everyone forgets

When the primary connection comes back, the firewall has to decide whether to switch back. Default behavior on most firewalls is “switch back immediately when primary is healthy.” This is usually wrong. If the primary is flapping (going up and down repeatedly), every failback drops sessions and creates more visible disruption than just staying on the secondary until the primary is stable.

The right configuration: switch back after the primary has been stable for 5 to 15 minutes, not the moment it returns. This is called “hold-down” or “stability timer” depending on the vendor.

How to size the backup connection

A common mistake: 1 Gbps fiber primary, 10 Mbps DSL backup. The backup cannot carry production load. When failover happens, the network is technically up but functionally unusable.

Size the backup to carry at least the business’s core workloads, even if it is slower than the primary.

Inventory what actually has to keep working

Not everything needs to keep working during an outage. The point of sizing the backup is to keep the critical traffic going, not to replicate the primary in full.

Always-needs-to-work tier:

• VoIP and video calls (especially customer-facing)
• Payment processing (card readers, e-commerce backend, POS)
• Cloud line-of-business apps (CRM, EMR, dispatch software)
• Email and messaging (Microsoft 365, Slack, Teams)

Nice-to-have tier:

• Cloud file sync (OneDrive, SharePoint, Google Drive) – delays are tolerable
• General web browsing
• Software downloads, updates

Can-wait tier:

• Bulk data backups to cloud
• Large file transfers
• Streaming video

The “always” tier is what determines minimum backup bandwidth.

Calculate the always tier bandwidth

Round numbers for SMB sizing:

• VoIP call (per concurrent call): 100 Kbps each direction. 10 simultaneous calls = 1 Mbps each direction.
• Video call (Teams/Zoom HD per participant): 2-4 Mbps each direction. 5 simultaneous video calls = 10-20 Mbps each direction.
• Cloud LOB app session per user: 200-500 Kbps typical, with bursts. 25 users = 5-12 Mbps.
• Card terminal session: under 50 Kbps each. Negligible at SMB scale.
• Email and messaging: under 1 Mbps for an entire SMB office.

A 25-person office with 10 simultaneous voice calls, 5 video calls, and 25 users on cloud apps needs roughly 20-30 Mbps each direction in the always tier. A 50-Mbps cellular plan handles this comfortably. A 10-Mbps DSL backup does not.

The minimum sensible backup

For most SMBs, the backup should be at least 25-50 Mbps down and 10-25 Mbps up. Below that, failover does not actually preserve business continuity – it just keeps the firewall lights green while users complain that everything is broken.

Modern cellular plans (T-Mobile Business 5G, Verizon Business 5G) easily clear this bar in good signal areas. Cable backup (50/10 or 100/20) clears it. Fiber backup (any modern fiber package) clears it with room to spare. DSL backup almost never clears it.

Which services break first when the internet is down

Knowing the failure order helps prioritize.

Within seconds:

• Active voice and video calls drop (sessions cannot survive a hard cut)
• Card terminal transactions in flight fail
• Active cloud app saves time out and surface errors

Within 30-60 seconds (during failover window):

• New voice calls cannot be placed
• Microsoft 365 starts surfacing connection errors
• Web pages stop loading
• Remote access (VPN, RDP) drops

Within 5 minutes:

• Cloud-based phone system fully degrades to “no service”
• Card readers stop accepting payment
• Cloud apps switch to offline modes if they support it (most do not)
• Email shows “send pending” but cannot deliver

Within 30 minutes:

• File sync (OneDrive, Dropbox, Google Drive) starts surfacing conflicts
• Backup jobs fail and start retry queues
• Monitoring tools start firing alerts

Within 2-4 hours:

• The team starts asking “should we go home?”
• Customer-facing impact becomes broadly visible
• VoIP voicemail-only mode if the phone vendor supports it
• Some apps trigger session-reauth that cannot complete and lock users out

A backup connection that activates in 30 seconds and sustains the always tier means most of this list never happens. A 4-hour outage on a single ISP means all of it.

Cost vs downtime risk math

The business case for redundant internet is straightforward but rarely calculated.

Cost of an outage

Real numbers vary by business, but a few anchors:

• Lost revenue per hour during business hours: If your business runs at $X/hour gross revenue, an outage during peak hours often costs that full $X plus the recovery tail (customers who left and did not return).
• Lost productivity per employee per hour: Burdened cost (salary + benefits + overhead) is typically $40-$120 per hour per knowledge worker. A 4-hour outage hitting 25 employees is 100 hours of unproductive time, $4,000-$12,000 of payroll spent on people unable to work.
• Customer-facing disruption: Phone calls that go to nowhere, payment terminals that fail, customers who interpret the outage as “this business is unreliable.” The dollar cost is hard to quantify but is rarely zero.
• SLA penalties or contractual liability: Some businesses owe their customers uptime under contract. A single outage can trigger penalties that exceed a year of redundancy cost.

Cost of redundancy

For most SMBs:

Option	Setup cost	Monthly recurring	Annual total
Cellular hotspot, manual	$200-$500	$30-$60	$560-$1,220
Dual-WAN firewall + cellular	$500-$1,500	$50-$100	$1,100-$2,700
Dual ISP wired only	$0-$2,000 (install fees)	$100-$400	$1,200-$6,800
Dual ISP + cellular	$500-$2,500	$130-$480	$2,060-$8,260
SD-WAN + dual ISP	$1,500-$5,000	$300-$800	$5,100-$14,600

The math most businesses arrive at

A 25-person SMB with $1.5M-$3M in annual revenue, mostly cloud-dependent, looking at dual-WAN firewall plus cellular backup at roughly $2,000/year all-in: that cost is recovered the first time it prevents a 4-hour outage. Most SMBs experience at least one such outage per year.

A 5-person professional services firm with $500k revenue and minimal real-time traffic: maybe a manual cellular hotspot is enough, and full failover is hard to justify.

A retailer with cloud POS doing $5k/day in transactions: anything less than dual ISP with cellular failover is leaving money on the table. SD-WAN is genuinely worth considering.

A medical practice with cloud EMR and phone-booked appointments: VoIP failover quality matters, automatic failover is non-negotiable. Cellular backup minimum, often dual-ISP.

The right answer depends on actual exposure, not gut feel. Most owners discover they are under-protected when they do the math.

How redundant internet connects to the rest of the network

Redundancy at the WAN edge interacts with the rest of the network design. A few things to plan for:

Firewall handling. The firewall is what decides which WAN to use and when to fail over. A consumer router with two WAN ports does this badly; a business firewall with proper health checks does it well. If you already have a real business firewall, dual-WAN failover is a configuration job, not a hardware purchase.

DNS resolution during failover. If the firewall is using ISP-assigned DNS servers, those become unreachable when the primary fails. Configure the firewall to use 1.1.1.1, 8.8.8.8, or your own DNS infrastructure – independent of either ISP – so DNS keeps resolving across a failover.

VPN tunnels. Site-to-site VPNs and remote-access VPNs are tied to the WAN IP. When you fail over, the public IP changes, and VPN tunnels break. SD-WAN handles this transparently. Dual-WAN failover usually requires either dynamic DNS, a dedicated VPN appliance with multi-WAN support, or accepting that VPNs reconnect a few seconds after failover.

Public-facing services. Web servers, mail servers, or any service published from your office to the internet are pinned to one ISP’s IP space. Failing over to the secondary changes the public IP, which means inbound connections do not follow you. The fix is to host public-facing services in cloud or in a hosted environment, not at the office.

VLAN segmentation continues to apply. Failover happens at the WAN edge; the LAN side does not change.

Managed switches with PoE matter for VoIP phones during a failover – if power blips during the WAN swap, phones reboot and miss the failover entirely. UPS protection on the network closet plus PoE switches that ride through brief power events is the right combination.

Business WiFi is unaffected by WAN failover unless the access points lose power. Local Wi-Fi keeps working; what changes is whether traffic reaches the internet.

Common mistakes when setting up redundant internet

The patterns that turn a redundancy project into wasted spending.

1. Both ISPs riding the same physical path. Two carriers using the same conduit go down together. If you cannot verify diverse paths, ask both carriers explicitly and get it in writing.
2. Backup connection too small to carry production. The 10 Mbps DSL backup behind a 1 Gbps fiber primary is a checkbox, not a backup. Size the secondary to carry the always tier.
3. No health-check failover. Link-state failover misses most real-world outages (upstream issues, ISP routing problems). Health-check failover with reasonable thresholds is non-negotiable.
4. Failback on first sign of life. Aggressive failback during a flapping primary causes more disruption than the original outage. Use a stability timer of 5-15 minutes.
5. Cellular backup never tested. Half of cellular backups fail their first real outage because nobody tested whether the cell signal was adequate or the SIM was active. Test failover quarterly by unplugging the primary.
6. VPN endpoints not configured for failover. Site-to-site VPNs break when the public IP changes. Either use dynamic DNS, a vendor with multi-WAN VPN support, or accept the reconnect time.
7. DNS servers tied to one ISP. When the primary fails, ISP-assigned DNS goes with it. Use independent resolvers (1.1.1.1, 8.8.8.8, or your own) on the firewall.
8. Public-facing services hosted at the office. A web server at the office becomes unreachable on failover regardless of whether the secondary works. Host externally.
9. No UPS on the network closet. A power blip during failover reboots the firewall, which means failover does not happen and the office goes dark. UPS the firewall, modems, switches, and at minimum the access points serving the front office.
10. Setting it up and never looking at it. Failover that worked on day one stops working when an ISP changes upstream routing, when a SIM expires, or when a firmware update changes default behavior. Quarterly testing is the minimum cadence.
11. Treating the backup as a “nice to have” not a “must work.” Either the backup is part of business continuity or it is not. If it is, it gets the same monitoring, testing, and budget as the primary. If it is not, do not pretend.
12. Buying SD-WAN to fix a single bad ISP. SD-WAN routes intelligently across multiple decent connections. It cannot make a bad connection good. Fix the underlying connection first.

Time-to-deploy

Phase	Duration
Decide what level of redundancy you need	1 day
Get quotes from secondary ISP	1-2 weeks
Wait for ISP install or cellular gateway delivery	2-6 weeks (wired) or 1-2 weeks (cellular)
Configure dual-WAN failover on firewall	2-4 hours
Configure DNS, VPN, public services	2-8 hours depending on scope
Test failover end-to-end	2-4 hours
Document the configuration	1-2 hours
First quarterly failover test (and every quarter after)	30 minutes

Cellular-only failover behind an existing business firewall: live in 2-3 weeks. Dual ISP: depends entirely on the secondary carrier’s install timeline, typically 4-8 weeks. SD-WAN: 4-6 weeks for a single site, longer for multi-site.

When to involve an MSP

Most small businesses should at least have an MSP review the design before committing. The mistakes above are common enough that an outside set of eyes catches things the internal team misses. Specific cases where MSP involvement pays off:

• Multi-site businesses where failover has to coordinate across locations. The complexity scales fast – this is part of the broader multi-site network design problem, where the cross-site connections, the shared resources, and the failover policy all need to be designed as one network rather than as a series of independent sites.
• Businesses with VoIP, payment processing, or compliance requirements where the cost of getting it wrong is high.
• Businesses without an in-house network generalist who can configure the firewall, design the failover policy, and run quarterly tests.
• SD-WAN evaluations where vendor selection and policy design matter more than the hardware.
• Renewals and design refreshes where the current setup is from 2018 and could be much better today.

How Sequentur handles redundant internet for clients

Network resilience is part of the managed network services we run for clients across small and mid-sized businesses in the 15-to-250-employee range. The work usually starts with a network assessment that includes the WAN side – what the current connections are, whether they ride diverse paths, what would happen during a typical outage, and what the failover should look like. From there we design the redundancy that fits the business: dual ISP for businesses where wired uptime matters, cellular failover for cost-sensitive single-office scenarios, SD-WAN for multi-site or real-time-critical operations.

If your business runs on cloud apps and phones and you have not actually tested what happens when the internet goes down, schedule a call and we will walk through the exposure honestly.