This article outlines the required network settings that your Verkada camera needs to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.
Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.
Status LED
A blinking blue status LED or an alternating blue and amber status LED on the front of the physical camera indicates that the camera is not communicating with Command. See Camera LED Status Indicators for more information. If you see this behavior, verify that the network is configured according to the camera's requirements. If the issue persists, contact Verkada Support.
If the camera is offline and still has power, it will continue to record. Once the camera is reconnected to Command, the video will be available. Once a camera comes online, it can take a few hours for the video footage to sync, and the duration depends largely on how long the camera has been offline.
IP address
Cameras must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Cameras use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you require your camera to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device's label).
Domain Name System
Cameras use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the camera where the DNS server is on the network and the camera communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Power
Cameras are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to the camera, or a PoE injector needs to be utilized. For specifics on power requirements, see the camera's datasheet.
Firewall settings
Verkada cameras require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the cameras to communicate with the general required endpoints.
These are the general domains to allow, applicable for all organization-regions:
*:4100 - TCP/UDP on local network
*.verkada.com - UDP/123 + TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
*.amazonaws.com - TCP+UDP/443
*.amazonaws.com - TCP/443 (only required for PTZ cameras)
If you prefer a more granular allowlist, you can add both full FQDNs and wildcard domains to your firewall rules based on the region where your devices are located.
Your region is selected when you create an organization in Command.
Region: United States
*:4100 - TCP/UDP on local network (for local streaming)
api.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
index.control.verkada.com - TCP+UDP/443
relay.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
*.vnetcap.control.verkada.com - TCP/443
*.vstream.vnetcap.control.verkada.com - TCP/443
*.vsubmit.vnetcap.control.verkada.com - TCP/443
*.vprovision.vnetcap.control.verkada.com - TCP/443
*.vproxy.vnetcap.control.verkada.com - TCP/443
*. kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443
s3.ap-southeast-2.amazonaws.com - TCP/443†*
s3.ca-central-1.amazonaws.com - TCP/443†*
s3.eu-west-1.amazonaws.com - TCP/443†*
s3.us-west-2.amazonaws.com - TCP/443†
time.cloudflare.com - TCP/4460 + UDP/123
Region: Europe
*:4100 - TCP/UDP on local network (for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
index.prod2.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod2.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443
*. kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-west-1.amazonaws.com - TCP/443†
Region: Australia
*:4100 - TCP/UDP on LAN (for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod-ap-syd.control.verkada.com - TCP+UDP/443
index.prod.ap.syd.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod-ap-syd.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod.ap.syd.command.verkada.com - TCP+UDP/443
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-west-1.amazonaws.com - TCP/443†
Footnotes:
†Required for cloud backup.
*Only required if your data storage location is set outside the United States.
Use the Verkada Network Tester to verify your devices can connect to Verkada Command. Select your region and the Cameras product type to run the check.
The following endpoints must be allowed on your network for the test to work:
speed.cloudflare.com
network-tester.support.verkada.com
Need more help? Contact Verkada Support.