Classic Alarms Network Settings
Learn about the required network settings for Verkada Classic Alarms
This article is a guide for classic Alarms. Refer to this article if you have new Alarms. See New Alarms vs Classic Alarms if you are unsure which version of Alarms you have.
This article outlines the required network settings that your Verkada Classic Alarms devices need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines, see Required Network Settings.
Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.
IP address
Alarms devices must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Alarms devices use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you require your Alarms device to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device’s label).
Domain Name System
Alarms devices use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Alarms device where the DNS server is on the network and the Alarms device communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Power
Some Alarms devices are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to them, or a PoE injector needs to be utilized. For specifics on power requirements, see the Alarms device’s datasheet.
Firewall settings
Alarms devices require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the devices to communicate with the general required endpoints.
These are the general domains to allow, applicable for all organization-regions:
34.216.15.26
UDP:123
*.verkada.com
UDP:123 + TCP/UDP:443
*.appcenter.ms
TCP:443
global.turn.twilio.com
TCP:443
If you prefer a more granular allowlist, you can add IP addresses, full FQDNs, and wildcard domains to your firewall rules based on the region where your devices are located.
Your region is selected when you create an organization in Command.
34.216.15.26
UDP:123
alarms.control.verkada.com
TCP/UDP:443
alarms.global-prod.control.verkada.com
TCP/UDP:443
api.control.verkada.com
TCP/UDP:443
api.global-prod.control.verkada.com
TCP/UDP:443
firmware.control.verkada.com
TCP/UDP:443
index.control.verkada.com
TCP/UDP:443
relay.control.verkada.com
TCP/UDP:443
relay.global-prod.control.verkada.com
TCP/UDP:443
time.control.verkada.com
UDP:123
update.control.verkada.com
TCP/UDP:443
valarm.command.verkada.com
TCP/UDP:443
valarm.global-prod.command.verkada.com
TCP/UDP:443
vconductor.command.verkada.com
TCP/UDP:443
vconductor.global-prod.command.verkada.com
TCP/UDP:443
*.appcenter.ms
TCP:443
global.turn.twilio.com
TCP:443
BC51s
*.apple.com
TCP:80
*.apple.com
TCP:443
*.apple.com
TCP:2197
*.apple.com
TCP:5223
*.apple.com
UDP:123
crl.entrust.net
TCP:80
crl3.digicert.com
TCP:80
crl4.digicert.com
TCP:80
global.stun.twilio.com
UDP:3478
global.turn.twilio.com
UDP:3478
*.mzstatic.com
TCP:80
*.mzstatic.com
TCP:443
ocsp.digicert.com
TCP:80
ocsp.entrust.net
TCP:80
vmdm.command.verkada.com
TCP/UDP:443
vmdm.global-prod.command.verkada.com
TCP/UDP:443
BK21s
time.cloudflare.com
TCP:4460
time.cloudflare.com
UDP:123
BZ11s
global.stun.twilio.com
UDP:3478
global.turn.twilio.com
UDP:3478
alarms.global-prod.control.verkada.com
TCP/UDP:443
alarms.prod2.control.verkada.com
TCP/UDP:443
api.prod2.control.verkada.com
TCP/UDP:443
api.global-prod.control.verkada.com
TCP/UDP:443
index.prod2.control.verkada.com
TCP/UDP:443
relay.global-prod.control.verkada.com
TCP/UDP:443
relay.prod2.control.verkada.com
TCP/UDP:443
time.control.verkada.com
UDP:123
update.control.verkada.com
TCP/UDP:443
valarm.global-prod.command.verkada.com
TCP/UDP:443
valarm.prod2.command.verkada.com
TCP/UDP:443
vbroadcast.command.verkada.com
TCP/UDP:443
vbroadcast.prod2.control.verkada.com
TCP/UDP:443
vconductor.global-prod.command.verkada.com
TCP/UDP:443
vconductor.prod2.command.verkada.com
TCP/UDP:443
BC51s
*.apple.com
TCP:80
*.apple.com
TCP:443
*.apple.com
TCP:2197
*.apple.com
TCP:5223
*.apple.com
UDP:123
crl.entrust.net
TCP:80
crl3.digicert.com
TCP:80
crl4.digicert.com
TCP:80
global.stun.twilio.com
UDP:3478
global.turn.twilio.com
UDP:3478
*.mzstatic.com
TCP:80
*.mzstatic.com
TCP:443
ocsp.digicert.com
TCP:80
ocsp.entrust.net
TCP:80
vmdm.command.verkada.com
TCP/UDP:443
vmdm.global-prod.command.verkada.com
TCP/UDP:443
BK21s
time.cloudflare.com
TCP:4460
time.cloudflare.com
UDP:123
BZ11s
global.stun.twilio.com
UDP:3478
global.turn.twilio.com
UDP:3478
Use the Verkada Network Tester to verify your devices can connect to Verkada Command. Select your region and the Classic Alarms product type to run the check.
The following endpoints must be allowed on your network for the test to work:
speed.cloudflare.com
network-tester.support.verkada.com
Last updated
Was this helpful?