This article outlines the required network settings that your Verkada cameras need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.
Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.
Status LED
A flashing blue or alternating blue and orange status LED on the front of the physical camera indicates the camera is not communicating with Command. Check the status LED doc for explanations of each LED pattern. If you see this behavior, check that the network is set up with the camera’s requirements. If the problem persists, contact Verkada Support.
If the camera is offline and still has power, the camera continues to record. Once the camera reconnects with Command, the video becomes available. When a camera comes online, the video footage sync can take a few hours and the length of time is highly dependent on how long the camera was offline.
Video impact on the network
See adaptive quality recording for standard quality (SQ) and high quality (HQ) video data bitrates. You can also use Verkada's Enterprise Bandwidth Manager to limit the amount of upload bandwidth at a camera site.
To minimize network impact per camera, at the expense of losing some bandwidth-heavy features, enable Low Bandwidth Mode. These options can help the Verkada solution work on bandwidth-restricted networks.
IP address
Verkada cameras must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Cameras use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you want to have a specific IP address on your camera, you can:
Set up a static IP address through Command.
Set a DHCP reservation using the camera’s Media Access Control (MAC) address (found on the device's label).
Verkada devices may utilize path MTU discovery to determine the maximum transmission unit of the network path. Therefore, it is necessary to permit ICMP Fragmentation Needed (Type 3, Code 4) and ICMPv6 Packet Too Big (Type 2) packets. Ensure your firewall(s) are configured to permit this in the return path to your Verkada devices.
Domain Name System
Verkada cameras use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the camera where the DNS server is on the network and the camera communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Power
Verkada cameras are powered through Power over Ethernet (PoE). This means the network switch needs to provide power to the camera, or a PoE injector needs to be utilized. For specifics on power requirements, see the camera's datasheet.
Firewall settings
Verkada cameras require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the cameras to communicate with the general required endpoints.
These are the general domains to allow, applicable for all organization-regions:
34.216.15.26 - UDP/123
*:4100 - TCP/UDP on LAN
*.verkada.com - UDP/123 + TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
*.amazonaws.com - TCP+UDP/443
*.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.backblazeb2.com - TCP/443
If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, you can add the domains to your allowlist based on the region your devices are in.
Your region is selected when you create an organization in Command.
Region: United States
34.216.15.26 - UDP/123
*:4100 - TCP/UDP on LAN (only required for local streaming)
api.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
device-nlb.verkada.com - TCP+UDP/443
device.pyramid.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
index.control.verkada.com - TCP+UDP/443
nlb.verkada.com - TCP+UDP/443
relay.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
user.pyramid.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
*.vnetcap.control.verkada.com - TCP/443
*.vosprey.vnetcap.control.verkada.com - TCP/443
*.vstream.vnetcap.control.verkada.com - TCP/443
*.vsubmit.vnetcap.control.verkada.com - TCP/443
*.vprovision.vnetcap.control.verkada.com - TCP/443
*.vproxy.vnetcap.control.verkada.com - TCP/443
*.kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443
s3.ap-southeast-2.amazonaws.com - TCP/443†‡
s3.ca-central-1.amazonaws.com - TCP/443†‡
s3.eu-central-003.backblazeb2.com - TCP/443†‡
s3.eu-west-1.amazonaws.com - TCP/443†‡
s3.us-west-004.backblazeb2.com - TCP/443†
s3.us-west-2.amazonaws.com - TCP/443†
s3.ap-northeast-2.amazonaws.com - TCP/443†‡
*.us-west-2.compute.amazonaws.com - UDP/1024-65535 (only required for PTZ cameras)
time.cloudflare.com - TCP/4460 + UDP/123
Region: Europe
34.216.15.26 - UDP/123
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
index.prod2.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod2.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
s3.ap-northeast-2.amazonaws.com - TCP/443†‡
Region: Australia
34.216.15.26 - UDP/123
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod-ap-syd.control.verkada.com - TCP+UDP/443
index.prod.ap.syd.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod-ap-syd.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod.ap.syd.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
s3.ap-northeast-2.amazonaws.com - TCP/443†‡
Footnotes:
†Required for cloud backup.
‡Only required if your data storage location is set outside of the US.
Need more help? Contact Verkada Support.