Alarms Network Settings
Learn about the required network settings for Verkada Alarms
This article is a guide for new Alarms. Refer to this article if you have classic Alarms. See New Alarms vs Classic Alarms if you are unsure which version of Alarms you have.
This article outlines the required network settings that your Verkada Alarms devices need to communicate with Verkada Command. For more information on the required network settings for other Verkada product lines see Required Network Settings.
Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command.
IP address
Alarms devices must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Alarms devices use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations.
If you require your Alarm device to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device’s label).
Devices such as keypads or hubs that connect to a panel over Ethernet must receive an IP address in a valid RFC1918 private IP range.
Domain Name System
Alarms devices use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the Alarms device where the DNS server is on the network and the Alarms device communicates using UDP port 53.
DNS over HTTPS (DoH) is currently not supported.
Firewall settings
Alarms devices require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the devices to communicate with the general required endpoints.
These are the general domains to allow, applicable for all organization-regions:
34.216.15.26
UDP:123
*.verkada.com
UDP:123 + TCP/UDP:443
*.appcenter.ms
TCP:443
global.turn.twilio.com
TCP:443
time.cloudflare.com
TCP:4460
time.cloudflare.com
UDP:123
If your firewall does not allow wildcard masking, or you prefer to have the entire FQDN of the endpoint in your firewall rules, you can add the domains to your allowlist based on the region your devices are in.
Region: United States
34.216.15.26
UDP:123
api.control.verkada.com
TCP/UDP:443
api.global-prod.control.verkada.com
TCP/UDP:443
firmware.control.verkada.com
TCP/UDP:443
index.control.verkada.com
TCP/UDP:443
relay.control.verkada.com
TCP/UDP:443
relay.global-prod.control.verkada.com
TCP/UDP:443
time.control.verkada.com
UDP:123
update.control.verkada.com
TCP/UDP:443
vconductor.command.verkada.com
TCP/UDP:443
vconductor.global-prod.command.verkada.com
TCP/UDP:443
vprotect.control.verkada.com
TCP/UDP:443
*.appcenter.ms
TCP:443
global.turn.twilio.com
TCP:443
BZ11
global.stun.twilio.com
UDP:3478
global.turn.twilio.com
UDP:3478
WH52 / BK22
These devices have additional requirements for connecting back to the panel when using Ethernet instead of RS485.
224.0.0.251
UDP:5353
(Alarm panel IP address)
TCP/UDP:5607
(Alarm panel IP address)
TCP/UDP:5606
Use the Verkada Network Tester to verify your devices can connect to Verkada Command. Select your region and the Alarms product type to run the check.
The following endpoints must be allowed on your network for the test to work:
speed.cloudflare.com
network-tester.support.verkada.com
Last updated
Was this helpful?