Contact Support

Classic Alarms Network Settings

Learn about the required network settings for Verkada Classic Alarms

This article is a guide for classic Alarms. Refer to this article if you have new Alarms. See New Alarms vs Classic Alarms if you are unsure which version of Alarms you have.

This article outlines the required network settings that your Verkada Classic Alarms devices need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.

Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.

IP address

Alarms devices must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Alarms devices use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.

If you require your Alarms device to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device’s label).

Domain Name System

Alarms devices use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Alarms device where the DNS server is on the network and the Alarms device communicates using UDP port 53.

DNS over HTTPS (DoH) is currently not supported.

Power

Some Alarms devices are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to them, or a PoE injector needs to be utilized. For specifics on power requirements, see the Alarms device’s datasheet.

Firewall settings

Alarms devices require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the devices to communicate with the general required endpoints.

These are the general domains to allow, applicable for all organization-regions:

34.216.15.26 - UDP/123
*.verkada.com - UDP/123 + TCP+UDP/443
*.appcenter.ms - TCP/443
global.turn.twilio.com - TCP/443

If you prefer a more granular allowlist, you can add IP addresses, full FQDNs, and wildcard domains to your firewall rules based on the region where your devices are located.

Your region is selected when you create an organization in Command.

Region: United States

34.216.15.26 - UDP/123
alarms.control.verkada.com - TCP+UDP/443
alarms.global-prod.control.verkada.com - TCP+UDP/443
api.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
index.control.verkada.com - TCP+UDP/443
relay.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
valarm.command.verkada.com - TCP+UDP/443
valarm.global-prod.command.verkada.com - TCP+UDP/443
vconductor.command.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
*.appcenter.ms - TCP/443
global.turn.twilio.com - TCP/443

Region: Europe

alarms.global-prod.control.verkada.com - TCP+UDP/443
alarms.prod2.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
index.prod2.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod2.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
valarm.global-prod.command.verkada.com - TCP+UDP/443
valarm.prod2.command.verkada.com - TCP+UDP/443
vbroadcast.command.verkada.com - TCP+UDP/443
vbroadcast.prod2.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443

All regions

BC51s in all regions require these endpoints:

*.apple.com - TCP/80
*.apple.com - TCP/443
*.apple.com - TCP/2197
*.apple.com - TCP/5223
*.apple.com - UDP/123
crl.entrust.net - TCP/80
crl3.digicert.com - TCP/80
crl4.digicert.com - TCP/80
global.stun.twilio.com - UDP/3478
global.turn.twilio.com - UDP/3478
*.mzstatic.com - TCP/80
*.mzstatic.com - TCP/443
ocsp.digicert.com - TCP/80
ocsp.entrust.net - TCP/80
vmdm.command.verkada.com - TCP+UDP/443
vmdm.global-prod.command.verkada.com - TCP+UDP/443

BK21s in all regions require these endpoints:

time.cloudflare.com - TCP/4460
time.cloudflare.com - UDP/123

BZ11s in all regions require these endpoints:

global.stun.twilio.com - UDP/3478
global.turn.twilio.com - UDP/3478

Use the Verkada Network Tester to verify your devices can connect to Verkada Command. Select your region and the Classic Alarms product type to run the check.

The following endpoints must be allowed on your network for the test to work:

  • speed.cloudflare.com

  • network-tester.support.verkada.com

Need more help? Contact Verkada Support.

Last updated

Was this helpful?