search
Log InContact Support

Viewing Station Network Settings

Learn about the required network settings for Verkada viewing stations

This article outlines the required network settings that your Verkada viewing stationsarrow-up-right need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.

circle-exclamation

Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.

hashtag
IP address

Viewing stations must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Viewing stations support both wired and wireless internet connections. They use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.

If you require your viewing station to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device’s label).

hashtag
Domain Name System

Viewing stations use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the intercom where the DNS server is on the network and the intercom communicates using UDP port 53.

circle-exclamation

DNS over HTTPS (DoH) is currently not supported.

hashtag
Firewall settings

Viewing stations require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the viewing stations to communicate with the general required endpoints.

These are the general domains to allow, applicable for all organization-regions:

Domain/IP
Protocol/Port

34.216.15.26

UDP:123

*:4100

TCP/UDP on local network

*.verkada.com

UDP:123 + TCP/UDP:443

*.vcamera.net

TCP/UDP:443

apple.com

TCP/UDP:80/443

apple.com

TCP:2197/5223

apple.com

UDP:123

*.apple.com

TCP/UDP:80/443

*.apple.com

TCP:2197/5223

*.apple.com

UDP:123

*.cdn-apple.com

TCP/UDP:80/443

*.aaplimg.com

TCP/UDP:80/443

*.applimg.com

UDP:123

app-measurement.com

TCP/UDP:443

browser-intake-datadoghq.com

TCP/UDP:443

firebaselogging-pa.googleapis.com

TCP/UDP:443

crl.entrust.net

TCP:80

crl3.digicert.com

TCP:80

crl4.digicert.com

TCP:80

*.mzstatic.com

TCP:443

ocsp.comodoca.com

TCP:80

ocsp.digicert.com

TCP:80

ocsp.entrust.net

TCP:80

If you prefer a more granular allowlist, you can add IP addresses, full FQDNs, and wildcard domains to your firewall rules based on the region where your devices are located.

circle-exclamation

Your region is selected when you create an organizationarrow-up-right in Command.

Domain/IP
Protocol/Port

34.216.15.26

UDP:123

*:4100

TCP/UDP on local network

api.control.verkada.com

TCP/UDP:443

api.global-prod.control.verkada.com

TCP/UDP:443

firmware.control.verkada.com

TCP/UDP:443

index.control.verkada.com

TCP/UDP:443

relay.control.verkada.com

TCP/UDP:443

relay.global-prod.control.verkada.com

TCP/UDP:443

time.control.verkada.com

UDP:123

update.control.verkada.com

TCP/UDP:443

vconductor.command.verkada.com

TCP/UDP:443

vconductor.global-prod.command.verkada.com

TCP/UDP:443

vecho.command.verkada.com

TCP/UDP:443

vfilter.verkada.com

TCP/UDP:443

vlocaldns.command.verkada.com

TCP/UDP:443

vmdm.command.verkada.com

TCP/UDP:443

vmdm.global-prod.verkada.com

TCP/UDP:443

vprovision.command.verkada.com

TCP/UDP:443

vsensor.command.verkada.com

TCP/UDP:443

vstream.command.verkada.com

TCP/UDP:443

vsubmit.command.verkada.com

TCP/UDP:443

vvx.command.verkada.com

TCP/UDP:443

apple.com

TCP/UDP:80/443

apple.com

TCP:2197/5223

apple.com

UDP:123

*.apple.com

TCP/UDP:80/443

*.apple.com

TCP:2197/5223

*.apple.com

UDP:123

*.cdn-apple.com

TCP/UDP:80/443

*.aaplimg.com

TCP/UDP:80/443

*.applimg.com

UDP:123

app-measurement.com

TCP/UDP:443

browser-intake-datadoghq.com

TCP/UDP:443

firebaselogging-pa.googleapis.com

TCP/UDP:443

crl.entrust.net

TCP:80

crl3.digicert.com

TCP:80

crl4.digicert.com

TCP:80

*.mzstatic.com

TCP:443

ocsp.comodoca.com

TCP:80

ocsp.digicert.com

TCP:80

ocsp.entrust.net

TCP:80

circle-info

Use the Verkada Network Testerarrow-up-right to verify your devices can connect to Verkada Command. Select your region and the Viewing Station product type to run the check.

The following endpoints must be allowed on your network for the test to work:

  • speed.cloudflare.com

  • network-tester.support.verkada.com

Last updated

Was this helpful?