# Command Connector Network Settings This article outlines the required network settings for your Command Connector to communicate with non-Verkada cameras and Verkada Command. For more information on the required network settings for other Verkada product lines, see [Required Network Settings](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/need-help/required-network-settings). {% hint style="danger" %} The Command Connector has 2 RJ-45 Ethernet interfaces. Only **connect one** of the interfaces to your network for initial configuration. To configure both ports, see [Configure Two Ethernet Ports for Command Connector](https://help.verkada.com/command-connector/configuration/configure-two-ethernet-ports-for-command-connector). {% endhint %} ## IP address The Command Connector must be assigned an IPv4 address to communicate on the LAN and with Verkada Command. The Command Connector obtains its IP address and network configurations using Dynamic Host Configuration Protocol (DHCP). {% hint style="warning" %} The Command Connector has two ethernet interfaces. If you are using IP address reservations, it is recommended to configure two reservations—one for each Ethernet port. {% endhint %} ## Domain Name System Command Connectors use a DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Command Connector where the DNS server is on the network, and it communicates using UDP port 53. {% hint style="warning" %} DNS over HTTPS (DoH) is currently not supported. {% endhint %} ## Non-Verkada cameras Ensure that the Command Connector and non-Verkada cameras can communicate bi-directionally. If they are on separate or remote subnets, verify that routing works correctly in both directions. Note that dynamic NAT or Layer 3 (L3) translation is not supported between these devices. Command Connector connects to non-Verkada cameras over the LAN using port 554 to pull RTSP streams, and port 80 or 8080 for ONVIF HTTP requests. Verify these ports are allowed on the network: * **TCP+UDP ports 80, 8080, 443**: Enables the Command Connector to read and set camera parameters. * **TCP+UDP port 554**: Enables the Command Connector to ingest RTSP video streams from non-Verkada cameras. * **TCP+UDP Port 3702**: Enables WS-Discovery so the Command Connector can discover and connect to non-Verkada cameras over the LAN. ## Firewall settings Command Connectors require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the Command Connector to communicate with the general required endpoints. These are the general domains to allow, **applicable for all organizations**: | Domain/IP | Protocol/Port | | ------------------- | ---------------------- | | 34.216.15.26 | UDP:123 (Fallback NTP) | | \*:4100 | TCP/UDP on LAN | | \*.verkada.com | UDP:123 + TCP/UDP:443 | | time.cloudflare.com | TCP:4460 + UDP:123 | | \*.amazonaws.com | TCP/UDP:443 | If you prefer a more granular allowlist, you can add IP addresses, full FQDNs, and wildcard domains to your firewall rules based on the region where your devices are located. {% hint style="warning" %} Your region is selected when you [create an organization](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/get-started-with-verkada-command) in Command. {% endhint %} {% tabs %} {% tab title="United States" %} | Domain/IP | Protocol/Port | | --------------------------------------------------------- | ------------------------------------ | | 34.216.15.26 | UDP:123 (Fallback NTP) | | \*:4100 | TCP/UDP on LAN (for local streaming) | | api.control.verkada.com | TCP/UDP:443 | | api-ga.control.verkada.com | TCP/UDP:443 | | api.global-prod.control.verkada.com | TCP/UDP:443 | | device.pyramid.verkada.com | TCP/UDP:443 | | firmware.control.verkada.com | TCP/UDP:443 | | index.control.verkada.com | TCP/UDP:443 | | relay.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vlogging.command.verkada.com | TCP/UDP:443 | | user.pyramid.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | \*.kinesisvideo.us-west-2.amazonaws.com | TCP/UDP:443 | | s3.ap-southeast-2.amazonaws.com | TCP:443†‡ | | s3.ca-central-1.amazonaws.com | TCP:443†‡ | | s3.eu-west-1.amazonaws.com | TCP:443†‡ | | s3.us-west-2.amazonaws.com | TCP:443† | | time.cloudflare.com | TCP:4460 + UDP:123 | | vlogging.command.verkada.com/connect-box-logs | TCP/UDP:443 | | vlogging.global-prod.command.verkada.com/connect-box-logs | TCP/UDP:443 | | {% endtab %} | | {% tab title="Europe" %} | Domain/IP | Protocol/Port | | --------------------------------------------------------- | ------------------------------------------------- | | 34.216.15.26 | UDP:123 (Fallback NTP) | | \*:4100 | TCP/UDP on LAN (for local streaming) | | api-ga.control.verkada.com | TCP/UDP:443 | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod2.control.verkada.com | TCP/UDP:443 | | index.prod2.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod2.control.verkada.com | TCP/UDP:443 | | time.cloudflare.com | TCP:4460 + UDP:123 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod2.command.verkada.com | TCP/UDP:443 | | \*.eu-west-1.compute.amazonaws.com | TCP/UDP:443 | | \*.eu-west-1.compute.amazonaws.com | UDP:1024 to 65535 (only required for PTZ cameras) | | \*.kinesisvideo.eu-west-1.amazonaws.com | TCP/UDP:443 | | s3.eu-west-1.amazonaws.com | TCP:443† | | vlogging.prod2.command.verkada.com/connect-box-logs | TCP/UDP:443 | | vlogging.global-prod.command.verkada.com/connect-box-logs | TCP/UDP:443 | | {% endtab %} | | {% tab title="Australia" %} | Domain/IP | Protocol/Port | | --------------------------------------------------------- | -------------------------------------------------- | | 34.216.15.26 | UDP:123 (Fallback NTP) | | \*:4100 | TCP/UDP on LAN (only required for local streaming) | | api-ga.control.verkada.com | TCP/UDP:443 | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | index.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | time.cloudflare.com | TCP:4460 + UDP:123 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod-ap-syd.command.verkada.com | TCP/UDP:443 | | \*.eu-west-1.compute.amazonaws.com | TCP/UDP:443 | | \*.eu-west-1.compute.amazonaws.com | UDP:1024 to 65535 (only required for PTZ cameras) | | \*.kinesisvideo.eu-west-1.amazonaws.com | TCP/UDP:443 | | s3.eu-west-1.amazonaws.com | TCP:443† | | vlogging.prod-ap-syd.command.verkada.com/connect-box-logs | TCP/UDP:443 | | vlogging.global-prod.command.verkada.com/connect-box-logs | TCP/UDP:443 | | {% endtab %} | | | {% endtabs %} | | {% hint style="warning" %} **Footnotes:** * †Required for cloud backup. * ‡Only required if your [data storage location](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/security/privacy-and-security-disclosure/set-a-default-or-camera-specific-location-for-image-and-video-data-storage-and-processing) is set outside of the US. {% endhint %} {% hint style="info" %} Use the [Verkada Network Tester](https://network-tester.support.verkada.com/) to verify your devices can connect to Verkada Command. Select your region and the **Command Connector** product type to run the check. The following endpoints must be allowed on your network for the test to work: * speed.cloudflare.com * network-tester.support.verkada.com {% endhint %}