Verkada devices need to communicate with a Government Solution Command organization via their local network. In most cases, minimal updates to your network settings are needed. Additional configuration may be required for complex or highly secure networks.
See Required Network Settings for more information on the required network settings for other Verkada product lines.
Compatibility
Verkada devices are incompatible with local area networks (LANs) that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for your Verkada devices to communicate with Verkada Command.
IP address
Verkada devices must be assigned an IPv4 address to communicate on the LAN and to Verkada Command through the internet. By default, all Verkada devices use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you require your device to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device's label). You can also set up static IP addresses in Command for Command Connector.
Verkada devices may utilize path MTU discovery to determine the maximum transmission unit of the network path. Therefore, it is necessary to permit ICMP Fragmentation Needed (Type 3, Code 4) and ICMPv6 Packet Too Big (Type 2) packets. Ensure your firewall(s) are configured to permit this in the return path to your Verkada devices.
Domain Name System
Verkada devices use the Domain Name System (DNS) server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Verkada device where the DNS server is on the network, and the device communicates using UDP port 53.
DNS over HTTPS (DoH) is not currently supported.
Command Connector firewall settings
Verkada Command Connectors require access to many endpoints to ensure they can communicate with Command and that all features are accessible.
Region: United States Gov
api.global-prod.control.verkada.com
(HTTPS/443)
update.control.verkada.com
(HTTPS/443)time.nist.gov
(TCP+UDP - HTTPS/443)*.kinesisvideo.us-gov-west-1.amazonaws.com
(HTTPS/443)*.us-gov-west-1.compute.amazonaws.com
(HTTPS/443 & UDP/1024-65535)s3.us-gov-west-1.amazonaws.com
(HTTPS/443)verkada-firmware.s3.us-west-2.amazonaws.com
(HTTPS/443)api.prod-govus-pine.control.verkadagov.com
(HTTPS/443)api.control.verkada.com
(HTTPS/443)RTSP
(*:8554 on LAN)vsubmit.prod-govus-pine.verkadagov.com
(HTTPS/443)relay.prod-govus-pine.control.verkadagov.com
(HTTPS/443)vproxy.prod-govus-pine.verkadagov.com
(HTTPS/443)vstream.prod-govus-pine.verkadagov.com
(HTTPS/443)vflow.prod-govus-pine.verkadagov.com
(HTTPS/443)Local streaming (*:4100 on LAN)
Prefer to see it in action? Check out the video tutorial.
Need more help? Contact Verkada Support.