# Viewing Station Network Settings This article outlines the required network settings that your Verkada [viewing stations](https://docs.verkada.com/docs/viewing-station-overview.pdf) need to communicate with [Verkada Command](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/getting-started/get-started-with-verkada-command). For more information on the required network settings for other Verkada product lines see [Required Network Settings](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/need-help/required-network-settings). {% hint style="warning" %} Verkada devices are incompatible with LANs that require proxy servers or Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspection. If either is in use, a bypass for all Verkada devices must be implemented for Verkada devices to communicate with Verkada Command. {% endhint %} ## IP address Viewing stations must be assigned an IPv4 address to communicate on the LAN and to Verkada Command. Viewing stations support both wired and wireless internet connections. They use Dynamic Host Configuration Protocol (DHCP) and User Datagram Protocol (UDP) to obtain their IP addresses and network configurations. If you require your viewing station to have a specific IP address, create a DHCP reservation using the device’s Media Access Control (MAC) address (found on the device’s label). ## Domain Name System Viewing stations use the DNS server to resolve Verkada’s fully qualified domain names (FQDN) to IP addresses to communicate with them. Your DHCP server tells the intercom where the DNS server is on the network and the intercom communicates using UDP port 53. {% hint style="warning" %} DNS over HTTPS (DoH) is currently not supported. {% endhint %} ## Firewall settings Viewing stations require access to many endpoints to ensure they can communicate with Command and all features will be accessible. Many customers may want to allow the viewing stations to communicate with the general required endpoints. These are the general domains to allow, **applicable for all organization-regions**: | Domain/IP | Protocol/Port | | --------------------------------- | ------------------------ | | 34.216.15.26 | UDP:123 | | \*:4100 | TCP/UDP on local network | | \*.verkada.com | UDP:123 + TCP/UDP:443 | | \*.vcamera.net | TCP/UDP:443 | | apple.com | TCP/UDP:80/443 | | apple.com | TCP:2197/5223 | | apple.com | UDP:123 | | \*.apple.com | TCP/UDP:80/443 | | \*.apple.com | TCP:2197/5223 | | \*.apple.com | UDP:123 | | \*.cdn-apple.com | TCP/UDP:80/443 | | \*.aaplimg.com | TCP/UDP:80/443 | | \*.applimg.com | UDP:123 | | app-measurement.com | TCP/UDP:443 | | browser-intake-datadoghq.com | TCP/UDP:443 | | firebaselogging-pa.googleapis.com | TCP/UDP:443 | | crl.entrust.net | TCP:80 | | crl3.digicert.com | TCP:80 | | crl4.digicert.com | TCP:80 | | \*.mzstatic.com | TCP:443 | | ocsp.comodoca.com | TCP:80 | | ocsp.digicert.com | TCP:80 | | ocsp.entrust.net | TCP:80 | If you prefer a more granular allowlist, you can add IP addresses, full FQDNs, and wildcard domains to your firewall rules based on the region where your devices are located. {% hint style="warning" %} Your region is selected when you [create an organization](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/get-started-with-verkada-command) in Command. {% endhint %} {% tabs %} {% tab title="United States" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------------------ | | 34.216.15.26 | UDP:123 | | \*:4100 | TCP/UDP on local network | | api.control.verkada.com | TCP/UDP:443 | | api.global-prod.control.verkada.com | TCP/UDP:443 | | firmware.control.verkada.com | TCP/UDP:443 | | index.control.verkada.com | TCP/UDP:443 | | relay.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.command.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vecho.command.verkada.com | TCP/UDP:443 | | vfilter.verkada.com | TCP/UDP:443 | | vlocaldns.command.verkada.com | TCP/UDP:443 | | vmdm.command.verkada.com | TCP/UDP:443 | | vmdm.global-prod.verkada.com | TCP/UDP:443 | | vprovision.command.verkada.com | TCP/UDP:443 | | vsensor.command.verkada.com | TCP/UDP:443 | | vstream.command.verkada.com | TCP/UDP:443 | | vsubmit.command.verkada.com | TCP/UDP:443 | | vvx.command.verkada.com | TCP/UDP:443 | | apple.com | TCP/UDP:80/443 | | apple.com | TCP:2197/5223 | | apple.com | UDP:123 | | \*.apple.com | TCP/UDP:80/443 | | \*.apple.com | TCP:2197/5223 | | \*.apple.com | UDP:123 | | \*.cdn-apple.com | TCP/UDP:80/443 | | \*.aaplimg.com | TCP/UDP:80/443 | | \*.applimg.com | UDP:123 | | app-measurement.com | TCP/UDP:443 | | browser-intake-datadoghq.com | TCP/UDP:443 | | firebaselogging-pa.googleapis.com | TCP/UDP:443 | | crl.entrust.net | TCP:80 | | crl3.digicert.com | TCP:80 | | crl4.digicert.com | TCP:80 | | \*.mzstatic.com | TCP:443 | | ocsp.comodoca.com | TCP:80 | | ocsp.digicert.com | TCP:80 | | ocsp.entrust.net | TCP:80 | | {% endtab %} | | {% tab title="Europe" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------------------ | | 34.216.15.26 | UDP:123 | | \*:4100 | TCP/UDP on local network | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod2.control.verkada.com | TCP/UDP:443 | | firmware.control.verkada.com | TCP/UDP:443 | | index.prod2.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod2.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod2.command.verkada.com | TCP/UDP:443 | | vfilter.prod2.verkada.com | TCP/UDP:443 | | vecho.prod2.verkada.com | TCP/UDP:443 | | vlocaldns.prod2.verkada.com | TCP/UDP:443 | | vmdm.command.verkada.com | TCP/UDP:443 | | vmdm.global-prod.verkada.com | TCP/UDP:443 | | vprovision.prod2.verkada.com | TCP/UDP:443 | | vsensor.prod2.verkada.com | TCP/UDP:443 | | vstream.prod2.verkada.com | TCP/UDP:443 | | vsubmit.prod2.verkada.com | TCP/UDP:443 | | vvx.prod2.verkada.com | TCP/UDP:443 | | apple.com | TCP/UDP:80/443 | | apple.com | TCP:2197/5223 | | apple.com | UDP:123 | | \*.apple.com | TCP/UDP:80/443 | | \*.apple.com | TCP:2197/5223 | | \*.apple.com | UDP:123 | | \*.cdn-apple.com | TCP/UDP:80/443 | | \*.aaplimg.com | TCP/UDP:80/443 | | \*.applimg.com | UDP:123 | | app-measurement.com | TCP/UDP:443 | | browser-intake-datadoghq.com | TCP/UDP:443 | | firebaselogging-pa.googleapis.com | TCP/UDP:443 | | crl.entrust.net | TCP:80 | | crl3.digicert.com | TCP:80 | | crl4.digicert.com | TCP:80 | | \*.mzstatic.com | TCP:443 | | ocsp.comodoca.com | TCP:80 | | ocsp.digicert.com | TCP:80 | | ocsp.entrust.net | TCP:80 | | {% endtab %} | | {% tab title="Australia" %} | Domain/IP | Protocol/Port | | ------------------------------------------ | ------------------------ | | 34.216.15.26 | UDP:123 | | \*:4100 | TCP/UDP on local network | | api.global-prod.control.verkada.com | TCP/UDP:443 | | api.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | firmware.control.verkada.com | TCP/UDP:443 | | index.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | relay.global-prod.control.verkada.com | TCP/UDP:443 | | relay.prod-ap-syd.control.verkada.com | TCP/UDP:443 | | time.control.verkada.com | UDP:123 | | update.control.verkada.com | TCP/UDP:443 | | vconductor.global-prod.command.verkada.com | TCP/UDP:443 | | vconductor.prod-ap-syd.command.verkada.com | TCP/UDP:443 | | vfilter.prod-ap-syd.verkada.com | TCP/UDP:443 | | vecho.prod-ap-syd.verkada.com | TCP/UDP:443 | | vlocaldns.prod-ap-syd.verkada.com | TCP/UDP:443 | | vmdm.command.verkada.com | TCP/UDP:443 | | vmdm.global-prod.verkada.com | TCP/UDP:443 | | vprovision.prod-ap-syd.verkada.com | TCP/UDP:443 | | vsensor.prod-ap-syd.verkada.com | TCP/UDP:443 | | vstream.prod-ap-syd.verkada.com | TCP/UDP:443 | | vsubmit.prod-ap-syd.verkada.com | TCP/UDP:443 | | vvx.prod-ap-syd.verkada.com | TCP/UDP:443 | | apple.com | TCP/UDP:80/443 | | apple.com | TCP:2197/5223 | | apple.com | UDP:123 | | \*.apple.com | TCP/UDP:80/443 | | \*.apple.com | TCP:2197/5223 | | \*.apple.com | UDP:123 | | \*.cdn-apple.com | TCP/UDP:80/443 | | \*.aaplimg.com | TCP/UDP:80/443 | | \*.applimg.com | UDP:123 | | app-measurement.com | TCP/UDP:443 | | browser-intake-datadoghq.com | TCP/UDP:443 | | firebaselogging-pa.googleapis.com | TCP/UDP:443 | | crl.entrust.net | TCP:80 | | crl3.digicert.com | TCP:80 | | crl4.digicert.com | TCP:80 | | \*.mzstatic.com | TCP:443 | | ocsp.comodoca.com | TCP:80 | | ocsp.digicert.com | TCP:80 | | ocsp.entrust.net | TCP:80 | | {% endtab %} | | | {% endtabs %} | | {% hint style="info" %} Use the [Verkada Network Tester](https://network-tester.support.verkada.com/) to verify your devices can connect to Verkada Command. Select your region and the **Viewing Station** product type to run the check. The following endpoints must be allowed on your network for the test to work: * speed.cloudflare.com * network-tester.support.verkada.com {% endhint %}