Guest Network Policy Setup



The Guest Network Policy is a great new feature for filtering. This allows for an easy guest experience with no certificate install or authentication.




Guest Network for BYOD


Bring your own device (BYOD) can use the standard filtering policy if you want all of the great features that Securly offers. Network administrators have the choice having BYOD to use the Guest Network Policy for BYOD.  Please review the diagram and the notes below to help make your choice. Please contact support if you have additional questions or concerns. 


All guest traffic needs to use a different public IP address from your normal Securly filtering. All Guest Network DNS and HTTP/S traffic needs to use this same public IP address. It is recommended to change DHCP on this network to use Securly DNS server IP addresses directly.

Services that need internal DNS resolution will have problems using only Securly DNS. Captive portal services are a common use case. There are two solutions to resolve this.
1) Created a Public DNS A record for the internal IP address to allow Securly DNS to resolve.
2) Use a dedicated DNS server that uses the same public IP address as the guest network. This will allow internal DNS resolution and have Securly forwards for external resolution.

Securly DNS Servers

Please contact support if you do not know your DNS server IP addresses.


Same great features as a standard policy

  • Block or allow sites by category
  • Block or allow sites by domain name
  • Enforce safe search on Google and Bing 
  • Enforce YouTube Restricted Mode
  • Affected by global allow and deny
  • MITM backend exceptions are also applied


Guest Network Policy only

  • Only logging blocked sites
  • No certificate required
  • No keyword blocking
  • No authentication
  • Login with any Google account
  • No auditing of activity on social networks

Setup Process

Please email support with the public IP address you would like to use for this network. Support will setup the policy and reply to you. This creates a new entry in the policy editor. It is named Guest Network Policy with the public IP address. Configure the policy the way you would like. Then change the network to use this IP address. This is usually done on your firewall with a NAT rule. For details on how to do this for your network please contact your vendor for support.

Please contact support if you want to remove this policy



Have more questions? Submit a request


Powered by Zendesk