Network Requirements
ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory. For successful operation, certain network configurations and firewall permissions must be in place.
Default & Configurable Parameters
The ports and protocols listed in this document are default values.
E-Mail (SMTP), Syslog, and database connections are configurable according to your environment.
The ARKSSPR web application can be published via any custom port according to deployment requirements.
Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.
Network Communication Requirements
Source
Direction
Destination
Protocol
Port(s)
Purpose
Internal ARKSSPR Server
-->
Internet (license.arksoft.com.tr
)
TCP
443
License validation
DMZ ARKSSPR Server
-->
Internal ARKSSPR Server
TCP
80, 443
Web traffic relay
Internal Clients
-->
Internal ARKSSPR Server
TCP
80, 443
User access to ARKSSPR portal
Internet Clients
-->
DMZ ARKSSPR Server
TCP
80, 443
External user access (if published)
Internal ARKSSPR Server (*)
-->
E-Mail Server
TCP
587
OTP emails Report Mails
Internal ARKSSPR Server
-->
Database Server
TCP
1433
Database connectivity
Internal ARKSSPR Server
-->
Syslog Server
UDP
514
Security and audit log forwarding
Internal ARKSSPR Server
<-->
SMS Provider
HTTPS (TCP)
443
Sending SMS-based OTP codes
(*)
Outbound SMTP port may vary depending on configuration (25, 465, or 587).
Additional Communication (Domain Integration)
Communication
Protocol
Port(s)
Purpose
ARKSSPR Web Server ↔ Active Directory DCs
LDAP / LDAPS
389 / 636
User authentication, password change/reset
ARKSSPR Web Server ↔ Active Directory DCs
Kerberos
88
Authentication and ticket granting
ARKSSPR Web Server ↔ Active Directory DCs
RPC / SMB
135, 445, dynamic 49152–65535
AD management operations
ARKSSPR Web Server ↔ NTP Server
NTP
123
Time synchronization
Firewall & Security Considerations
Restrict inbound access to ARKSSPR portal to authorized networks or VPN users.
Use LDAPS (636) instead of plain LDAP (389) where possible for secure directory communication.
For RPC dynamic ports, limit firewall rules to the necessary range.
Ensure TLS 1.2 or higher is enabled on the ARKSSPR server and client browsers.
High Availability / Load Balancer Notes
If deploying behind a load balancer, enable session persistence (sticky sessions).
All HA nodes must have identical firewall and port access configuration.
[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
↘ SMTP(587*) → [Mail Server]
↘ HTTPS(443*) → [SMS Provider]
↘ HTTPS(443) → [License Server]
↘ Syslog(514*) → [Syslog Server]
↘ TCP(1433*) → [Database Server]
Last updated
Was this helpful?