Network Requirements

ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory. For successful operation, certain network configurations and firewall permissions must be in place.

Default & Configurable Parameters

  • The ports and protocols listed in this document are default values.

  • E-Mail (SMTP), Syslog, and database connections are configurable according to your environment.

  • The ARKSSPR web application can be published via any custom port according to deployment requirements.

  • Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.

Network Communication Requirements

| Source | Direction | Destination | Protocol | Port(s) | Purpose |
|---|---|---|---|---|---|
| Internal ARKSSPR Server | --> | Internet (license.arksoft.com.tr) | TCP | 443 | License validation |
| DMZ ARKSSPR Server | --> | Internal ARKSSPR Server | TCP | 80, 443 | Web traffic relay |
| Internal Clients | --> | Internal ARKSSPR Server | TCP | 80, 443 | User access to ARKSSPR portal |
| Internet Clients | --> | DMZ ARKSSPR Server | TCP | 80, 443 | External user access (if published) |
| Internal ARKSSPR Server (*) | --> | E-Mail Server | TCP | 587 | OTP emails, report mails |
| Internal ARKSSPR Server | --> | Database Server | TCP | 1433 | Database connectivity |
| Internal ARKSSPR Server | --> | Syslog Server | UDP | 514 | Security and audit log forwarding |
| Internal ARKSSPR Server | <--> | SMS Provider | HTTPS (TCP) | 443 | Sending SMS-based OTP codes |

(*) Outbound SMTP port may vary depending on configuration (25, 465, or 587).

Additional Communication (Domain Integration)

| Communication | Protocol | Port(s) | Purpose |
|---|---|---|---|
| ARKSSPR Web Server ↔ Active Directory DCs | LDAP / LDAPS | 389 / 636 | User authentication, password change/reset |
| ARKSSPR Web Server ↔ Active Directory DCs | Kerberos | 88 | Authentication and ticket granting |
| ARKSSPR Web Server ↔ Active Directory DCs | RPC / SMB | 135, 445, dynamic 49152–65535 | AD management operations |
| ARKSSPR Web Server ↔ NTP Server | NTP | 123 | Time synchronization |

Firewall & Security Considerations

  • Restrict inbound access to the ARKSSPR portal to authorized networks or VPN users.

  • Use LDAPS (636) instead of plain LDAP (389) where possible for secure directory communication.

  • For RPC dynamic ports, limit firewall rules to the necessary range.

  • Ensure TLS 1.2 or higher is enabled on the ARKSSPR server and client browsers.
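The following is an added example, not ARKSSPR or vendor code: it compares a firewall allow-list against the default server-side flows from the two tables above and reports rules that are broader than the matrix, listed flows with no rule, and plain LDAP (389) left open toward the DCs. The zone labels, the rule tuple format and the sample export are constructed; TCP for the AD rows and UDP for NTP are assumptions, since the page names only the application protocol, and client-to-portal flows are left out.

```python
# Added example. Zone labels and the rule tuple format are constructed.
# Transport for the AD and NTP rows is an assumption (the page names only the
# application protocol): TCP for LDAP/Kerberos/RPC/SMB, UDP for NTP.
REQUIRED = {  # (source, destination, transport) -> default ports from the tables
    ("sspr", "license", "tcp"): {443},
    ("dmz-sspr", "sspr", "tcp"): {80, 443},
    ("sspr", "mail", "tcp"): {587},  # default; 25 or 465 if configured so
    ("sspr", "database", "tcp"): {1433},
    ("sspr", "syslog", "udp"): {514},
    ("sspr", "sms", "tcp"): {443},
    ("sspr", "dc", "tcp"): {88, 135, 389, 445, 636, *range(49152, 65536)},
    ("sspr", "ntp", "udp"): {123},
}
DC_FLOW = ("sspr", "dc", "tcp")

def summarize(ports):
    """Collapse a port set into a compact 'a-b,c' string."""
    ordered = sorted(ports)
    spans, start = [], ordered[0]
    for prev, cur in zip(ordered, ordered[1:] + [None]):
        if cur != prev + 1:  # end of a consecutive run
            spans.append(str(start) if start == prev else f"{start}-{prev}")
            start = cur
    return ",".join(spans)

def audit(rules):
    """rules: (src, dst, transport, first_port, last_port) allow entries."""
    allowed = {}
    for src, dst, proto, first, last in rules:
        allowed.setdefault((src, dst, proto), set()).update(range(first, last + 1))
    findings = []
    for flow in set(allowed) | set(REQUIRED):
        have, want = allowed.get(flow, set()), REQUIRED.get(flow, set())
        if have - want:  # broader than the matrix: tighten the rule
            findings.append(("excess", flow, summarize(have - want)))
        if want - have:  # listed flow with no matching allow rule
            findings.append(("missing", flow, summarize(want - have)))
    if 389 in allowed.get(DC_FLOW, set()):  # page prefers LDAPS (636)
        findings.append(("review-plain-ldap", DC_FLOW, "389"))
    return sorted(findings)

SAMPLE_RULES = [  # constructed firewall export
    ("sspr", "license", "tcp", 443, 443), ("sspr", "sms", "tcp", 443, 443),
    ("sspr", "mail", "tcp", 587, 587), ("sspr", "database", "tcp", 1433, 1433),
    ("dmz-sspr", "sspr", "tcp", 80, 80), ("dmz-sspr", "sspr", "tcp", 443, 443),
    ("sspr", "ntp", "udp", 123, 123), ("sspr", "dc", "tcp", 88, 88),
    ("sspr", "dc", "tcp", 135, 135), ("sspr", "dc", "tcp", 389, 445),
    ("sspr", "dc", "tcp", 636, 636), ("sspr", "dc", "tcp", 1024, 65535),
]
print(*audit(SAMPLE_RULES), sep="\n")
```

A "missing" finding for an optional integration such as Syslog only matters if that integration is enabled in your deployment.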

High Availability / Load Balancer Notes

  • If deploying behind a load balancer, enable session persistence (sticky sessions).

  • All HA nodes must have identical firewall and port access configuration.

[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
                                                 ↘ SMTP(587*) → [Mail Server]
                                                 ↘ HTTPS(443*) → [SMS Provider]
                                                 ↘ HTTPS(443) → [License Server]
                                                 ↘ Syslog(514*) → [Syslog Server]
                                                 ↘ TCP(1433*) → [Database Server]
