Intercom Network Settings

Learn about the required network settings for Verkada Intercoms

This article outlines the network settings that your Verkada Intercom needs to communicate with Verkada Command and to operate properly.

Requirement: Verkada devices are incompatible with LANs that require the use of proxy servers or that require Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented so that they can communicate with Command.

Status LED

A flashing blue status LED on the top of the front of the intercom indicates the intercom is not communicating with Command. If you see this behavior, check that the network meets the intercom’s requirements.

If the problem persists, contact Verkada Support.

Power

Verkada Intercoms are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to the intercom, or a PoE injector needs to be utilized. For specifics on power requirements, see the Intercom datasheet.

IP address

Intercoms need an IPv4 address to communicate with Command through the internet. Intercoms use Dynamic Host Configuration Protocol (DHCP), over User Datagram Protocol (UDP) ports 67 and 68, to obtain their IP addresses and network configurations.

If you want to have a specific IP address on your intercom, set a DHCP reservation using the intercom's Media Access Control (MAC) address (found on the device's label).

Domain Name System

Intercoms use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the intercom where the DNS server is on the network and the intercom communicates using UDP port 53.

Note: DNS over HTTPS (DoH) is currently not supported.

Firewall settings

Verkada devices require access to many endpoints to have the full-featured experience. Many customers may want to restrict devices to only communicate with the specific required endpoints.

These are the general domains to allow, applicable for all organization-regions:

  • *.verkada.com - UDP/123 + TCP+UDP/443

  • 34.216.15.26 - UDP/123

  • 35.166.49.153 - UDP/123 + TCP+UDP/443

  • 54.172.60.0/23 - UDP 10000 to 20000

  • 54.244.51.0/24 - UDP 1024 to 65535

  • 34.203.250.0/23 - UDP 10000 to 20000

  • 168.86.128.0/18 - UDP 10000 to 60000

  • *.twilio.com - TCP+UDP 443, 5060, 5061

  • time.cloudflare.com - TCP/4460 + UDP/123

  • *:4100 - TCP/UDP on LAN

  • *.amazonaws.com - TCP+UDP/443

  • *.backblazeb2.com - TCP/443

  • *.amazonaws.com - UDP/1024 to 65535

If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, these are the domains to allowlist:

Region: United States

Note: Your region is selected when you create an organization in Command.

  • 35.166.49.153 - UDP/123 + TCP+UDP/443

  • vcerberus.command.verkada.com - TCP+UDP/443

  • access.control.verkada.com - TCP+UDP/443

  • api.global-prod.control.verkada.com - TCP+UDP/443

  • relay.global-prod.control.verkada.com - TCP+UDP/443

  • vconductor.global-prod.command.verkada.com - TCP+UDP/443

  • api.control.verkada.com - TCP+UDP/443

  • relay.control.verkada.com - TCP+UDP/443

  • index.control.verkada.com - TCP+UDP/443

  • firmware.control.verkada.com - TCP+UDP/443

  • update.control.verkada.com - TCP+UDP/443

  • time.control.verkada.com - UDP/123

  • user.pyramid.verkada.com - TCP+UDP/443

  • device.pyramid.verkada.com - TCP+UDP/443

  • nlb.verkada.com - TCP+UDP/443

  • device-nlb.verkada.com - TCP+UDP/443

  • 34.216.15.26 - UDP/123

  • api-ga.control.verkada.com - TCP+UDP 443

  • 54.172.60.0/23 - UDP 10000 to 20000

  • 54.244.51.0/24 - UDP 1024 to 65535

  • 34.203.250.0/23 - UDP 10000 to 20000

  • 168.86.128.0/18 - UDP 10000 to 60000

  • chunderm.gll.twilio.com - TCP 443†

  • eventgw.twilio.com - TCP 443†

  • ers.twilio.com - TCP 443†

  • verkada-erik-sip.sip.twilio.com - TCP+UDP 5060, 5061

  • verkada-erik-sip.sip.us1.twilio.com - TCP+UDP 5060, 5061

  • verkada.sip.us1.twilio.com - TCP+UDP 5060, 5061

  • verkada-vinter-audio-files-prod1.s3.amazonaws.com - TCP+UDP 443

  • time.cloudflare.com - TCP/4460

  • time.cloudflare.com - UDP/123

  • *.kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443

  • *.us-west-1.compute.amazonaws.com - TCP+UDP/443

  • *:4100 - TCP/UDP on LAN (only required for local streaming)

  • s3.eu-west-1.amazonaws.com - TCP/443‡

  • s3.us-west-2.amazonaws.com - TCP/443‡

  • s3.ca-central-1.amazonaws.com - TCP/443‡

  • s3.ap-southeast-2.amazonaws.com - TCP/443‡

  • s3.us-west-004.backblazeb2.com - TCP/443‡

  • s3.eu-central-003.backblazeb2.com - TCP/443‡

  • *.us-west-2.compute.amazonaws.com - UDP/1024 to 65535

Region: Europe

Note: Your region is selected when you create an organization in Command.

  • 35.166.49.153 - UDP/123 + TCP+UDP/443

  • vcerberus.command.verkada.com - TCP+UDP/443

  • relay.prod2.control.verkada.com - TCP+UDP/443

  • api.prod2.control.verkada.com - TCP+UDP/443

  • access.prod2.command.verkada.com - TCP+UDP/443

  • api.global-prod.control.verkada.com - TCP+UDP/443

  • relay.global-prod.control.verkada.com - TCP+UDP/443

  • vconductor.global-prod.command.verkada.com - TCP+UDP/443

  • index.prod2.control.verkada.com - TCP+UDP/443

  • update.control.verkada.com - TCP+UDP/443

  • vconductor.prod2.command.verkada.com - TCP+UDP/443

  • time.control.verkada.com - UDP/123

  • api-ga.control.verkada.com - TCP+UDP 443

  • 54.172.60.0/23 - UDP 10000 to 20000

  • 54.244.51.0/24 - UDP 1024 to 65535

  • 34.203.250.0/23 - UDP 10000 to 20000

  • 168.86.128.0/18 - UDP 10000 to 60000

  • chunderm.gll.twilio.com - TCP 443†

  • eventgw.twilio.com - TCP 443†

  • ers.twilio.com - TCP 443†

  • verkada-prod2.sip.twilio.com - TCP+UDP 5060, 5061

  • verkada-prod2.sip.us1.twilio.com - TCP+UDP 5060, 5061

  • verkada-vinter-audio-files-prod2.s3.amazonaws.com - TCP+UDP 443

  • time.cloudflare.com - TCP/4460

  • time.cloudflare.com - UDP/123

  • *.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443

  • *.eu-west-1.compute.amazonaws.com - TCP+UDP/443

  • *:4100 - TCP/UDP on LAN (only required for local streaming)

  • s3.eu-west-1.amazonaws.com - TCP/443‡

  • s3.eu-central-003.backblazeb2.com - TCP/443‡

  • *.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535

Footnotes:

†required for Desk Stations and Verkada Pass

‡required for cloud backup
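
As an added example (not Verkada's own tooling), the Python below parses allowlist entries in the notation used on this page and renders nftables accept rules for the IP and CIDR entries. It returns the hostname and wildcard entries separately, because a packet filter matches addresses and those entries need a DNS-aware firewall policy. The source address 192.0.2.10 is an assumed placeholder for the intercom's DHCP-reserved address, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a few entries in the notation of the lists above.
SAMPLE = """\
35.166.49.153 - UDP/123 + TCP+UDP/443
54.172.60.0/23 - UDP 10000 to 20000
*.twilio.com - TCP+UDP 443, 5060, 5061
time.cloudflare.com - TCP/4460 + UDP/123
chunderm.gll.twilio.com - TCP 443†
*:4100 - TCP/UDP on LAN (only required for local streaming)
"""

GROUP = re.compile(r"^(TCP\+UDP|TCP|UDP)[/ ](.+)$")

def parse_entry(line):
    """Return (kind, target, [(proto, lo, hi), ...]) for one allowlist line."""
    target, spec = (s.strip() for s in line.lstrip(" •").split(" - ", 1))
    if target.startswith("*:"):              # LAN-only local streaming, not an egress rule
        return ("lan", target, [])
    spec = re.sub(r"[†‡]|\(.*?\)", "", spec).strip()   # drop footnote marks and remarks
    try:
        ipaddress.ip_network(target)         # accepts a single address or a CIDR block
        kind = "ip"
    except ValueError:
        kind = "wildcard" if target.startswith("*.") else "fqdn"
    ports = []
    for group in spec.split(" + "):          # "UDP/123 + TCP+UDP/443" has two groups
        protos, portspec = GROUP.match(group.strip()).groups()
        if " to " in portspec:               # "10000 to 20000" is one range
            ranges = [tuple(int(p) for p in portspec.split(" to "))]
        else:                                # "443, 5060, 5061" is a list of single ports
            ranges = [(int(p), int(p)) for p in portspec.split(",")]
        for proto in protos.lower().split("+"):
            ports += [(proto, lo, hi) for lo, hi in ranges]
    return (kind, target, ports)

def nft_rules(text, src="192.0.2.10"):       # src: assumed placeholder for the reserved IP
    """Render nftables accept rules for IP/CIDR entries; return names needing DNS-aware policy."""
    rules, by_name = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, target, ports = parse_entry(line)
        if kind == "ip":
            for proto, lo, hi in ports:
                dport = str(lo) if lo == hi else f"{lo}-{hi}"
                rules.append(f"ip saddr {src} ip daddr {target} {proto} dport {dport} accept")
        elif kind != "lan":
            by_name.append((kind, target))
    return rules, by_name
```

The rules belong in a chain whose default policy is drop, and the wildcard entries in the returned list are the ones to review first, since they are the broadest grants in the allowlist.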
