Skip to main content
All CollectionsCommand Connector
Command Connector Network Settings
Command Connector Network Settings

Learn about the required network settings for Verkada Command Connectors

Updated over a month ago

This article outlines the required network settings for your Command Connector to communicate with non-Verkada cameras and Verkada Command. For more information on the required network settings for other Verkada product lines, see Required Network Settings.

The Command Connector has 2 RJ-45 Ethernet Interfaces. Only connect one of the interfaces to your network. Connecting both interfaces could lead to a Layer 2 loop.

IP address

The Command Connector must be assigned an IPv4 address to communicate on the LAN and with Verkada Command. The Command Connector obtains its IP address and network configurations using Dynamic Host Configuration Protocol (DHCP).

The Command Connector has two ethernet interfaces. If you are using IP address reservations, it is recommended to configure two reservations—one for each Ethernet port.

Domain Name System

Command Connectors use a DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Command Connector where the DNS server is on the network, and it communicates using UDP port 53.

DNS over HTTPS (DoH) is currently not supported.

Non-Verkada cameras

Ensure that the Command Connector and non-Verkada cameras can communicate bi-directionally. If they are on separate or remote subnets, verify that routing works correctly in both directions. Note that dynamic NAT or Layer 3 (L3) translation is not supported between these devices.

The Command Connector connects to non-Verkada cameras over the LAN using port 4100. Non-Verkada cameras use port 554 to serve RTSP streams and port 80, 8080, or 443 to serve ONVIF.

Verify these ports are allowed on the network:

  • TCP+UDP ports 80, 8080, 443: Enables the Command Connector to read and set camera parameters using ONVIF.

  • TCP+UDP port 554: Enables the Command Connector to ingest RTSP video streams from non-Verkada cameras.

  • Port 3702: Enables WS-Discovery so the Command Connector can discover and connect to non-Verkada cameras over the LAN.

Firewall settings

Command Connectors require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the Command Connector to communicate with the general required endpoints.

These are the general domains to allow, applicable for all organizations:

34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN
*.verkada.com - UDP/123 + TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
*.amazonaws.com - TCP+UDP/443
*.backblazeb2.com - TCP/443

If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, you can add the domains to your allowlist.

Your region is selected when you create an organization in Command.

Region: United States

34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api.control.verkada.com - TCP+UDP/443
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
device-nlb.verkada.com - TCP+UDP/443
device.pyramid.verkada.com - TCP+UDP/443
firmware.control.verkada.com - TCP+UDP/443
index.control.verkada.com - TCP+UDP/443
nlb.verkada.com - TCP+UDP/443
relay.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vlogging.command.verkada.com - TCP+UDP/443
user.pyramid.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
*.vnetcap.control.verkada.com - TCP/443
*.vosprey.vnetcap.control.verkada.com - TCP/443
*.vstream.vnetcap.control.verkada.com - TCP/443
*.vsubmit.vnetcap.control.verkada.com - TCP/443
*.vprovision.vnetcap.control.verkada.com - TCP/443
*.vproxy.vnetcap.control.verkada.com - TCP/443
*.kinesisvideo.us-west-2.amazonaws.com - TCP+UDP/443
s3.ap-southeast-2.amazonaws.com - TCP/443†‡
s3.ca-central-1.amazonaws.com - TCP/443†‡
s3.eu-central-003.backblazeb2.com - TCP/443†‡
s3.eu-west-1.amazonaws.com - TCP/443†‡
s3.us-west-004.backblazeb2.com - TCP/443†
s3.us-west-2.amazonaws.com - TCP/443†
time.cloudflare.com - TCP/4460 + UDP/123
vlogging.command.verkada.com/connect-box-logs - TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443

Region: Europe

34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod2.control.verkada.com - TCP+UDP/443
index.prod2.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod2.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod2.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
vlogging.prod2.command.verkada.com/connect-box-logs TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443

Region: Australia

34.216.15.26 - UDP/123 (Fallback NTP)
*:4100 - TCP/UDP on LAN (only required for local streaming)
api-ga.control.verkada.com - TCP+UDP/443
api.global-prod.control.verkada.com - TCP+UDP/443
api.prod-ap-syd.control.verkada.com - TCP+UDP/443
index.prod.ap.syd.control.verkada.com - TCP+UDP/443
relay.global-prod.control.verkada.com - TCP+UDP/443
relay.prod-ap-syd.control.verkada.com - TCP+UDP/443
time.cloudflare.com - TCP/4460 + UDP/123
time.control.verkada.com - UDP/123
update.control.verkada.com - TCP+UDP/443
vconductor.global-prod.command.verkada.com - TCP+UDP/443
vconductor.prod.ap.syd.command.verkada.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - TCP+UDP/443
*.eu-west-1.compute.amazonaws.com - UDP/1024 to 65535 (only required for PTZ cameras)
*.kinesisvideo.eu-west-1.amazonaws.com - TCP+UDP/443
s3.eu-central-003.backblazeb2.com - TCP/443†
s3.eu-west-1.amazonaws.com - TCP/443†
vlogging.prod-ap-syd.command.verkada.com/connect-box-logs TCP+UDP/443
vlogging.global-prod.command.verkada.com/connect-box-logs - TCP+UDP/443

Footnotes:


Need more help? Contact Verkada Support.

Did this answer your question?