Guest Network Policy Setup



The Guest Network Policy is a great new feature for filtering. This allows for an easy guest experience with no certificate install or authentication.




Guest Network for BYOD


Bring your own device (BYOD) can use the standard filtering policy if you want all of the great features that Securly offers. Network administrators have the choice having BYOD to use the Guest Network Policy for BYOD.  Please review the diagram and the notes below to help make your choice. Please contact support if you have additional questions or concerns. 


  1. All guest network DNS and HTTP/S traffic need to use this same public IP address.
  2. All guest network traffic can NOT use the same public IP address as non-guest traffic
  3. Set DHCP scope for the guest network to use Securly DNS servers IP addresses only.
    • Do not relay guest network traffic to internal DNS servers.


Services that need internal DNS resolution will have problems using only Securly DNS. Captive portal services are a common use case. There are two solutions to resolve this.

  1. Created a Public DNS A record for the internal IP address to allow Securly DNS to resolve.
  2. Use a dedicated DNS server that uses the same public IP address as the guest network. This will allow internal DNS resolution and have Securly forwards for external resolution.

Securly DNS Servers

Please contact support if you do not know your DNS server IP addresses.


Same great features as a standard policy

  • Block or allow sites by category
  • Block or allow sites by domain name
  • Enforce safe search on Google and Bing 
  • Enforce YouTube Restricted Mode
  • Affected by global allow and deny
  • MITM backend exceptions are also applied


Guest Network Policy only

  • Only logging blocked sites
  • No certificate required
  • No keyword blocking
  • No authentication
  • Login with any Google account
  • No auditing of activity on social networks

Setup Process

Please email support with the public IP address you would like to use for this network. Support will setup the policy and reply to you. This creates a new entry in the policy editor. It is named Guest Network Policy with the public IP address. Configure the policy the way you would like. Then change the local network to use this public IP address. This is usually done on your firewall with a NAT/PAT rule. For details on how to do this for your network please contact your vendor for support.

Please contact support if you want to remove this policy



Have more questions? Submit a request


Powered by Zendesk