Custom roles are not required when doing guest access but it limits your flexibility. When guest users authenticate successfully, they will have the same open role, so you cannot restrict where they go and what they do with firewall policies. If you need to restrict guest user traffic, this will be problematic.