Skip to main content

Access Control Network Settings

Learn about the required network settings for Verkada Access Control devices

Updated over a week ago

This article outlines the required network settings that your Verkada access controllers need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.

Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.

Status LED

At the top left of the physical access controller, if you see a flashing blue status LED this indicates that the access controller is not communicating with Command.

If you see this behavior:

  • Check that the network is set up correctly for the access controller.

  • See Verkada Access Offline Operation to understand what the access system does when it cannot communicate with Command.

If the problem persists, contact Verkada Support.

IP address

Access controllers need an IPv4 address to communicate on the local area network (LAN) and to Command through the internet. Access controllers use Dynamic Host Configuration Protocol (DHCP), UDP ports 67 and 68, to obtain their IP addresses and network configurations.

If you want to have a specific IP address on your access controller, set a DHCP reservation using the access controller’s Media Access Control (MAC) address (found on the device's label).

Domain Name System

Access Controllers use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the access controller where the DNS server is on the network and the access controller communicates using UDP port 53.

DNS over HTTPS (DoH) is currently not supported.

Power

For specifics on power requirements, see the access controller's datasheet.

Firewall settings

Verkada access controllers require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the access controllers to communicate with the general required endpoints.

These are the general domains to allow, applicable for all organization-regions:

34.216.15.26 - UDP/123
35.166.49.153 - UDP/123 + TCP+UDP/443
*.verkada.com - UDP/123 + TCP+UDP/443

If you prefer a more granular allowlist, you can add both IP addresses and full FQDNs to your firewall rules based on the region where your devices are located.

Your region is selected when you create an organization in Command.

Region: United States

Standard Verkada Endpoints

api.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP 443
device.pyramid.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
update.control.verkada.com - TCP+UDP/443
user.pyramid.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443

NTP Endpoints

34.216.15.26 - UDP/123
35.166.49.153 - UDP/123 + TCP+UDP/443
time.control.verkada.com - UDP/123
time.cloudflare.com - TCP/4460
time.cloudflare.com - UDP/123

Access Control Endpoints

access.control.verkada.com - TCP+UDP/443
vcerberus.command.verkada.com - TCP+UDP/443

Region: Europe

Standard Verkada Endpoints

access.prod2.command.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP 443
relay.prod2.control.verkada.com - TCP+UDP/443
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443
vpeer-to-peer.prod2.command.verkada.com - TCP+UDP/443
vinnout.prod2.command.verkada.com - TCP+UDP/443

NTP Endpoints

35.166.49.153 - UDP/123 + TCP+UDP/443
time.control.verkada.com - UDP/123
time.cloudflare.com - TCP/4460
time.cloudflare.com - UDP/123

Access Control Endpoints

access.prod2.command.verkada.com - TCP+UDP/443
vcerberus.command.verkada.com - TCP+UDP/443

Region: Australia

Standard Verkada Endpoints

access.prod-ap-syd.command.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod-ap-syd.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP 443
relay.prod-ap-syd.control.verkada.com - TCP+UDP/443
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod-ap-syd.command.verkada.com - TCP+UDP/443
vpeer-to-peer.prod-ap-syd.command.verkada.com - TCP+UDP/443
vinnout.prod-ap-syd.command.verkada.com - TCP+UDP/443

NTP Endpoints

35.166.49.153 - UDP/123 + TCP+UDP/443
time.control.verkada.com - UDP/123
time.cloudflare.com - TCP/4460
time.cloudflare.com - UDP/123

Access Control Endpoints

access.prod-ap-syd.command.verkada.com - TCP+UDP/443
vcerberus.command.verkada.com - TCP+UDP/443

Use the Verkada Network Tester to verify your devices can connect to Verkada Command. Select your region and the Access product type to run the check.

The following endpoints must be allowed on your network for the test to work:

  • speed.cloudflare.com

  • network-tester.support.verkada.com

Need more help? Contact Verkada Support.

Related Articles
Air Quality Sensor Network Settings
Intercom Network Settings
Camera Network Settings
Gateways Network Settings
Command Connector Network Settings
Did this answer your question?