Verkada devices need to communicate with Verkada Command in AWS GovCloud, and they use the network they are connected to to do this. In most cases, minimal updates to your network settings are needed. Additional configuration may be required for complex or highly secure networks.
Some firewalls do not allow wildcards (*), so you may need to allow each endpoint individually.
Compatibility
Verkada devices are incompatible with local area networks (LANs) that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for your Verkada devices to communicate with Verkada Command.
IP address
Verkada devices must be assigned an IPv4 address to communicate on the LAN and to Verkada Command through the internet. By default, all Verkada devices use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you require your device to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device's label). You can also set up static IP addresses in Command for cameras.
Domain Name System
Verkada devices use the Domain Name System (DNS) server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Verkada device where the DNS server is on the network, and the device communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Power
Most Verkada devices are powered through Power over Ethernet (PoE). You can use the product datasheets to figure out the power requirements for your Verkada devices.
These are the most common power requirements:
IEE 802.3af, Type 1 PoE
IEEE 802.3at, Type 2 PoE+
IEEE 802.3bt, Type 3 PoE++
Camera network settings
This section outlines the required network settings that your Verkada cameras need to communicate with Verkada Command hosted in AWS GovCloud. For more information on the required network settings for other Verkada product lines see Required Network Settings.
Firewall settings
Verkada cameras require access to many endpoints to ensure they can communicate with Command and all features will be accessible.
These are the general domains to allow, applicable for all organization-regions:
Region: United States Gov
api.global-prod.control.verkada.com (HTTPS/443)
44.229.19.56/32
54.200.195.106/32
54.69.85.201/32
update.control.verkada.com (HTTPS/443)
NTP: returned by DHCP client, if not provided, falls back to time.nist.gov (UDP/123)
Local streaming: *:4100 on LAN (HTTPS/443)
RTSP: *:8554 on LAN
kinesisvideo.us-gov-west-1.amazonaws.com (HTTPS/443)
*.us-gov-west-1.compute.amazonaws.com (HTTPS/443)
*.us-gov-west-1.compute.amazonaws.com (UDP/1024-65535)
s3.us-gov-west-1.amazonaws.com (HTTPS/443)
108.175.56.0/22
136.18.0.0/23
108.175.48.0/22
15.200.176.128/28
15.200.28.240/28
verkada-firmware.s3.us-west-2.amazonaws.com (HTTPS/443)
3.5.76.0/22
18.34.244.0/22
18.34.48.0/20
3.5.80.0/21
52.218.128.0/17
52.92.128.0/17
35.80.36.208/28
35.80.36.224/28
api.prod-govus-pine.control.verkadagov.com (HTTPS/443)
3.32.137.127/32
3.31.127.57/32
3.30.93.146/32
api.control.verkada.com (HTTPS/443)
35.155.73.204/32
54.186.237.126/32
35.166.49.153/32
35.84.130.83/32
Need more help? Contact Verkada Support.