# Gateways Network Settings This article outlines the required network settings that your Verkada [Gateways](https://docs.verkada.com/docs/gc31-cellular-gateway-datasheet.pdf) need to communicate with [Verkada Command](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/getting-started/get-started-with-verkada-command). The gateways can connect to your network by utilizing the [WAN Failover](https://help.verkada.com/connectivity/configuration/add-cellular-gateway-to-command/use-cellular-gateways-for-wan-failover) mode. For more information on the required network settings for other Verkada product lines, see [Required Network Settings](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/need-help/required-network-settings). {% hint style="warning" %} Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command. {% endhint %} ## **Status LED** A flashing blue status LED on the gateway indicates the device is not communicating with Command. Check the [status LED](https://help.verkada.com/connectivity/configuration/add-cellular-gateway-to-command/cellular-gateway-status-leds) doc for explanations of each LED pattern. If you see this behavior, check that the network is set up with the gateway’s requirements. If the problem persists, contact [Verkada Support](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/need-help/contact-verkada-support). {% hint style="warning" %} When gateways are offline, alerts/events do not trigger. They continue to record data and sync with Command once they reconnect. {% endhint %} ## **IP address** Verkada gateways must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Gateways use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations. ## **Domain Name System** Verkada gateways use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the gateway where the DNS server is on the network and the gateway communicates using UDP port 53. {% hint style="warning" %} DNS over HTTPS (DoH) is currently not supported. {% endhint %} ## **Power** Verkada GC31-Es are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to the GC31-E, or a PoE injector needs to be utilized. A GC31 is powered through a barrel-jack adapter. For specifics on power requirements, see the [gateway’s datasheet](https://docs.verkada.com/docs/gc31-cellular-gateway-datasheet.pdf). ## **Firewall settings** Gateways require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the gateways to communicate with the general required endpoints. These are the general domains to allow, **applicable for all organization-regions:** | Domain/IP | Protocol/Port | | -------------- | --------------------- | | 34.216.15.26 | UDP:123 | | \*.verkada.com | UDP:123 + TCP/UDP:443 | If you prefer a more granular allowlist, you can add both IP addresses and full FQDNs to your firewall rules based on the region where your devices are located. {% hint style="warning" %} Your region is selected when you [create an organization](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/get-started-with-verkada-command) in Command. {% endhint %} {% tabs %} {% tab title="United States" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------- | | 34.216.15.26 | UDP:123 | | api.control.verkada.com | TCP/UDP:443 | | api.global-prod.control.verkada.com | TCP/UDP:443 | | firmware.control.verkada.com | TCP/UDP:443 | | index.control.verkada.com | TCP/UDP:443 | | relay.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.command.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vnet.command.verkada.com | TCP/UDP:443 | | {% endtab %} | | {% tab title="Europe" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------- | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod2.control.verkada.com | TCP/UDP:443 | | index.prod2.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod2.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod2.command.verkada.com | TCP/UDP:443 | | vnet.prod2.command.verkada.com | TCP/UDP:443 | | {% endtab %} | | {% tab title="Australia" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------- | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | index.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod-ap-syd.command.verkada.com | TCP/UDP:443 | | vnet.prod-ap-syd.command.verkada.com | TCP/UDP:443 | | {% endtab %} | | | {% endtabs %} | | {% hint style="info" %} Use the [Verkada Network Tester](https://network-tester.support.verkada.com/) to verify your devices can connect to Verkada Command. Select your region and the **Gateways** product type to run the check. The following endpoints must be allowed on your network for the test to work: * speed.cloudflare.com * network-tester.support.verkada.com {% endhint %}