Video Security Network Settings

Learn about the required network settings for Verkada cameras

Updated over a week ago

This article outlines the required settings that your Verkada Video Security cameras need to communicate with Verkada Command and to operate properly.

Requirement: Verkada devices are incompatible with LANs that require the use of proxy servers or that require Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either are in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Command.

Status LED

A flashing blue or alternating blue and orange status LED on the front of the physical camera indicates the camera is not communicating with Command. Check the status LED doc for explanations of each LED pattern. If you see this behavior, check that the network is set up with the camera’s requirements.

If the problem persists, contact Verkada Support.

If the camera is offline and still has power, the camera continues to record. Once the camera reconnects with Command, the video becomes available. When a camera comes online, the video footage sync can take a few hours and the length of time is highly dependent on how long the cameras were offline.

Power

Verkada's video security cameras are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to the cameras, or a PoE injector needs to be utilized. Each model has specific requirements. Check the video security datasheet for your camera model(s) to ensure you get the power they need.

Video impact on the network

See adaptive quality recording for standard quality (SQ) and high quality (HQ) video data bitrates. Limit the amount of upload bandwidth at a camera site using Verkada's Enterprise Bandwidth Manager.

Recommendation. To minimize network impact per camera, at the expense of losing some bandwidth-heavy features, enable Low Bandwidth Mode. These options can help the Verkada solution work on bandwidth-restricted networks.

IP address

Verkada cameras need an IPv4 address to communicate to Command through the internet. Cameras use Dynamic Host Configuration Protocol (DHCP), User Datagram Protocol (UDP) ports 67 and 68, to obtain their IP addresses and network configurations.

If you want to have a specific IP address on your camera, you can:

Domain Name System

Cameras use the Domain Name System (DNS) server to resolve Verkada’s fully-qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the camera where the DNS server is on the network and the camera communicates using UDP port 53.

Note: DNS over HTTPS (DoH) is currently not supported.

Firewall settings

Verkada devices require access to many endpoints to have the full-featured experience. Many customers may want to restrict devices to only communicate with the specific required endpoints.

These are the general domains to allow, applicable for all organization-regions:

  • *.verkada.com - UDP/123 + TCP+UDP/443

  • 34.216.15.26 - UDP/123

  • time.cloudflare.com - TCP/4460 + UDP/123

  • *:4100 - TCP/UDP on LAN

  • *.amazonaws.com - TCP+UDP/443

  • *.backblazeb2.com - TCP/443

  • *.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)

If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, these are the domains to allowlist, by region:

Region: United States

Note: Your region is selected when you create an organization in Command.

  • api.global-prod.control.verkada.com - TCP+UDP/443

  • relay.global-prod.control.verkada.com - TCP+UDP/443

  • vconductor.global-prod.command.verkada.com - TCP+UDP/443

  • api.control.verkada.com - TCP+UDP/443

  • relay.control.verkada.com - TCP+UDP/443

  • index.control.verkada.com - TCP+UDP/443

  • firmware.control.verkada.com - TCP+UDP/443

  • update.control.verkada.com - TCP+UDP/443

  • time.control.verkada.com - UDP/123

  • user.pyramid.verkada.com - TCP+UDP/443

  • device.pyramid.verkada.com - TCP+UDP/443

  • nlb.verkada.com - TCP+UDP/443

  • device-nlb.verkada.com - TCP+UDP/443

  • 34.216.15.26 - UDP/123

  • time.cloudflare.com - TCP/4460 + UDP/123

  • api-ga.control.verkada.com - TCP+UDP/443

  • *.kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443

  • *.us-west-1.compute.amazonaws.com - TCP+UDP/443

  • *:4100 - TCP/UDP on LAN (only required for local streaming)

  • s3.eu-west-1.amazonaws.com - TCP/443†

  • s3.us-west-2.amazonaws.com - TCP/443†

  • s3.ca-central-1.amazonaws.com - TCP/443†

  • s3.ap-southeast-2.amazonaws.com - TCP/443†

  • s3.us-west-004.backblazeb2.com - TCP/443†

  • s3.eu-central-003.backblazeb2.com - TCP/443†

  • *.us-west-2.compute.amazonaws.com - UDP/1024-65535 (only required for PTZ cameras)

Region: Europe

Note: Your region is selected when you create an organization in Command.

  • api.global-prod.control.verkada.com - TCP+UDP/443

  • relay.global-prod.control.verkada.com - TCP+UDP/443

  • vconductor.global-prod.command.verkada.com - TCP+UDP/443

  • api.prod2.control.verkada.com - TCP+UDP/443

  • relay.prod2.control.verkada.com - TCP+UDP/443

  • index.prod2.control.verkada.com - TCP+UDP/443

  • update.control.verkada.com - TCP+UDP/443

  • vconductor.prod2.command.verkada.com - TCP+UDP/443

  • time.control.verkada.com - UDP/123

  • time.cloudflare.com - TCP/4460 + UDP/123

  • api-ga.control.verkada.com - TCP+UDP/443

  • *.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443

  • *.eu-west-1.compute.amazonaws.com - TCP+UDP/443

  • *:4100 - TCP/UDP on LAN (only required for local streaming)

  • s3.eu-west-1.amazonaws.com - TCP/443†

  • s3.eu-central-003.backblazeb2.com - TCP/443†

  • *.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)

Required for cloud backup

Related resources


Need more help? Contact Verkada Support

Did this answer your question?