# Network Requirements

ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory.
For successful operation, certain network configurations and firewall permissions must be in place.

### **Default & Configurable Parameters**

* The ports and protocols listed in this document are **default values**.
* **E-Mail (SMTP), Syslog, and database connections** are configurable according to your environment.
* The ARKSSPR web application can be published via **any custom port** according to deployment requirements.
* Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.

### **Network Communication Requirements**

| **Source**                   | **Direction** | **Destination**                     | **Protocol** | **Port(s)** | **Purpose**                         |
| ---------------------------- | ------------- | ----------------------------------- | ------------ | ----------- | ----------------------------------- |
| Internal ARKSSPR Server      | -->           | Internet (`license.arksoft.com.tr`) | TCP          | 443         | License validation                  |
| DMZ ARKSSPR Server           | -->           | Internal ARKSSPR Server             | TCP          | 80, 443     | Web traffic relay                   |
| Internal Clients             | -->           | Internal ARKSSPR Server             | TCP          | 80, 443     | User access to ARKSSPR portal       |
| Internet Clients             | -->           | DMZ ARKSSPR Server                  | TCP          | 80, 443     | External user access (if published) |
| Internal ARKSSPR Server (\*) | -->           | E-Mail Server                       | TCP          | 587         | OTP emails, report mails            |
| Internal ARKSSPR Server      | -->           | Database Server                     | TCP          | 1433        | Database connectivity               |
| Internal ARKSSPR Server      | -->           | Syslog Server                       | UDP          | 514         | Security and audit log forwarding   |
| Internal ARKSSPR Server      | <-->          | SMS Provider                        | HTTPS (TCP)  | 443         | Sending SMS-based OTP codes         |

`(*)` Outbound SMTP port may vary depending on configuration (25, 465, or 587).

### **Additional Communication (Domain Integration)**

| **Communication**                         | **Protocol** | **Port(s)**                   | **Purpose**                                |
| ----------------------------------------- | ------------ | ----------------------------- | ------------------------------------------ |
| ARKSSPR Web Server ↔ Active Directory DCs | LDAP / LDAPS | 389 / 636                     | User authentication, password change/reset |
| ARKSSPR Web Server ↔ Active Directory DCs | Kerberos     | 88                            | Authentication and ticket granting         |
| ARKSSPR Web Server ↔ Active Directory DCs | RPC / SMB    | 135, 445, dynamic 49152–65535 | AD management operations                   |
| ARKSSPR Web Server ↔ NTP Server           | NTP          | 123                           | Time synchronization                       |

### **Firewall & Security Considerations**

* Restrict inbound access to the ARKSSPR portal to authorized networks or VPN users.
* Use **LDAPS (636)** instead of plain **LDAP (389)** where possible for secure directory communication.
* For RPC dynamic ports, limit firewall rules to the necessary range.
* Ensure **TLS 1.2 or higher** is enabled on the ARKSSPR server and client browsers.

### **High Availability / Load Balancer Notes**

* If deploying behind a load balancer, enable **session persistence (sticky sessions)**.
* All HA nodes must have identical firewall and port access configuration.

```
[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
                                                 ↘ SMTP(587*) → [Mail Server]
                                                 ↘ HTTPS(443*) → [SMS Provider]
                                                 ↘ HTTPS(443) → [License Server]
                                                 ↘ Syslog(514*) → [Syslog Server]
                                                 ↘ TCP(1433*) → [Database Server]
```
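
The outbound TCP flows in the tables and diagram above can be checked from the internal ARKSSPR server once the firewall rules are in place. The script below is an added example, not part of the ARKSSPR product or its documentation; `dc01.example.local`, `mail.example.local` and `sql.example.local` are placeholder host names, and the ports are this page's defaults. For the implicit-TLS endpoints (443, 636) it also confirms that a TLS 1.2 handshake succeeds with a certificate the server trusts.

```powershell
# Added example. Host names are placeholders (assumptions); ports are this page's defaults.
$dc = 'dc01.example.local'
$flows = @(
    @{ Name = 'License validation';     Target = 'license.arksoft.com.tr'; Port = 443;  Tls = $true  }
    @{ Name = 'AD LDAPS';               Target = $dc;                      Port = 636;  Tls = $true  }
    @{ Name = 'AD LDAP (plain)';        Target = $dc;                      Port = 389;  Tls = $false }
    @{ Name = 'AD Kerberos (TCP)';      Target = $dc;                      Port = 88;   Tls = $false }
    @{ Name = 'AD RPC endpoint mapper'; Target = $dc;                      Port = 135;  Tls = $false }
    @{ Name = 'AD SMB';                 Target = $dc;                      Port = 445;  Tls = $false }
    # 587 is plain TCP until STARTTLS, so only reachability is checked here.
    @{ Name = 'SMTP submission';        Target = 'mail.example.local';     Port = 587;  Tls = $false }
    @{ Name = 'Database';               Target = 'sql.example.local';      Port = 1433; Tls = $false }
)

function Test-Flow {
    param([string]$Target, [int]$Port, [bool]$Tls, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Bounded wait: a silently dropped packet shows up as a timeout, not a long hang.
        if (-not $client.ConnectAsync($Target, $Port).Wait($TimeoutMs)) { return 'TIMEOUT (filtered?)' }
        if (-not $Tls) { return 'OPEN' }
        # Force TLS 1.2 and validate the certificate against the machine trust store.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Target, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            return 'OPEN, TLS 1.2 handshake OK'
        } finally { $ssl.Dispose() }
    } catch {
        # Refused connections, DNS failures and certificate errors all land here.
        return "FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Dispose()
    }
}

$flows | ForEach-Object {
    [pscustomobject]@{
        Flow   = $_.Name
        Target = '{0}:{1}' -f $_.Target, $_.Port
        Result = Test-Flow -Target $_.Target -Port $_.Port -Tls $_.Tls
    }
} | Format-Table -AutoSize
# Syslog (UDP 514) and NTP (123) are connectionless: confirm them on the receiving side instead.
```

A `FAILED` result on 636 with a certificate error means the port is open but the domain controller's certificate is not trusted by the ARKSSPR server, which has to be resolved before LDAPS can replace plain LDAP.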

