This article outlines the required network settings for your Command Connector to communicate with non-Verkada cameras and Verkada Command. For more information on the required network settings for other Verkada product lines, see Required Network Settings.
The Command Connector has 2 RJ-45 Ethernet Interfaces. Only connect one of the interfaces to your network. Connecting both interfaces could lead to a Layer 2 loop.
IP address
The Command Connector must be assigned an IPv4 address to communicate on the LAN and with Verkada Command. The Command Connector obtains its IP address and network configurations using Dynamic Host Configuration Protocol (DHCP).
The Command Connector has two ethernet interfaces. If you are using IP address reservations, it is recommended to configure two reservations—one for each Ethernet port.
Domain Name System
Command Connectors use a DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Command Connector where the DNS server is on the network, and it communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Non-Verkada cameras
Ensure that the Command Connector and non-Verkada cameras can communicate bi-directionally. If they are on separate or remote subnets, verify that routing works correctly in both directions. Note that dynamic NAT or Layer 3 (L3) translation is not supported between these devices.
The Command Connector connects to non-Verkada cameras over the LAN using port 4100. Non-Verkada cameras use port 554 to serve RTSP streams and port 80, 8080, or 443 to serve ONVIF.
Verify these ports are allowed on the network:
TCP+UDP ports 80, 8080, 443: Enables the Command Connector to read and set camera parameters using ONVIF.
TCP+UDP port 554: Enables the Command Connector to ingest RTSP video streams from non-Verkada cameras.
Port 3702: Enables WS-Discovery so the Command Connector can discover and connect to non-Verkada cameras over the LAN.
Firewall settings
Command Connectors require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the Command Connector to communicate with the general required endpoints.
These are the general domains to allow, applicable for all organizations:
34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN
*.verkada.com - UDP/123 + TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
*.amazonaws.com - TCP+UDP/443
*.backblazeb2.com - TCP/443
If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, you can add the domains to your allowlist.
Your region is selected when you create an organization in Command.
Region: United States
34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
device-nlb.verkada.com - TCP+UDP/443
device.pyramid.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
index.control.verkada.com - TCP+UDP/443
nlb.verkada.com - TCP+UDP/443
relay.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vlogging.command.verkada.com - TCP+UDP/443
user.pyramid.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
*.vnetcap.control.verkada.com - TCP/443
*.vosprey.vnetcap.control.verkada.com - TCP/443
*.vstream.vnetcap.control.verkada.com - TCP/443
*.vsubmit.vnetcap.control.verkada.com - TCP/443
*.vprovision.vnetcap.control.verkada.com - TCP/443
*.vproxy.vnetcap.control.verkada.com - TCP/443
*.kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443
s3.ap-southeast-2.amazonaws.com - TCP/443†‡
s3.ca-central-1.amazonaws.com - TCP/443†‡
s3.eu-central-003.backblazeb2.com - TCP/443†‡
s3.eu-west-1.amazonaws.com - TCP/443†‡
s3.us-west-004.backblazeb2.com - TCP/443†
s3.us-west-2.amazonaws.com - TCP/443†
time.cloudflare.com - TCP/4460 + UDP/123
vlogging.command.verkada.com/connect-box-logs - TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443
Region: Europe
34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
index.prod2.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod2.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
vlogging.prod2.command.verkada.com/connect-box-logs TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443
Region: Australia
34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod-ap-syd.control.verkada.com - TCP+UDP/443
index.prod.ap.syd.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod-ap-syd.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod.ap.syd.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
vlogging.prod-ap-syd.command.verkada.com/connect-box-logs TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443
Footnotes:
†Required for cloud backup.
‡Only required if your data storage location is set outside of the US.
Need more help? Contact Verkada Support.