# Network Requirements

ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory.\
For successful operation, certain network configurations and firewall permissions must be in place.

### **Default & Configurable Parameters**

* The ports and protocols listed in this document are **default values**.
* **E-Mail (SMTP), Syslog, and database connections** are configurable according to your environment.
* The ARKSSPR web application can be published via **any custom port** according to deployment requirements.
* Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.

### **Network Communication Requirements**

| **Source**                   | **Direction** | **Destination**                     | **Protocol** | **Port(s)** | **Purpose**                         |
| ---------------------------- | ------------- | ----------------------------------- | ------------ | ----------- | ----------------------------------- |
| Internal ARKSSPR Server      | -->           | Internet (`license.arksoft.com.tr`) | TCP          | 443         | License validation                  |
| DMZ ARKSSPR Server           | -->           | Internal ARKSSPR Server             | TCP          | 80, 443     | Web traffic relay                   |
| Internal Clients             | -->           | Internal ARKSSPR Server             | TCP          | 80, 443     | User access to ARKSSPR portal       |
| Internet Clients             | -->           | DMZ ARKSSPR Server                  | TCP          | 80, 443     | External user access (if published) |
| Internal ARKSSPR Server (\*) | -->           | E-Mail Server                       | TCP          | 587         | OTP emails, report mails            |
| Internal ARKSSPR Server      | -->           | Database Server                     | TCP          | 1433        | Database connectivity               |
| Internal ARKSSPR Server      | -->           | Syslog Server                       | UDP          | 514         | Security and audit log forwarding   |
| Internal ARKSSPR Server      | <-->          | SMS Provider                        | HTTPS (TCP)  | 443         | Sending SMS-based OTP codes         |

`(*)` The outbound SMTP port may vary depending on configuration (25, 465, or 587).

### **Additional Communication (Domain Integration)**

| **Communication**                         | **Protocol** | **Port(s)**                   | **Purpose**                                |
| ----------------------------------------- | ------------ | ----------------------------- | ------------------------------------------ |
| ARKSSPR Web Server ↔ Active Directory DCs | LDAP / LDAPS | 389 / 636                     | User authentication, password change/reset |
| ARKSSPR Web Server ↔ Active Directory DCs | Kerberos     | 88                            | Authentication and ticket granting         |
| ARKSSPR Web Server ↔ Active Directory DCs | RPC / SMB    | 135, 445, dynamic 49152–65535 | AD management operations                   |
| ARKSSPR Web Server ↔ NTP Server           | NTP          | 123                           | Time synchronization                       |

### **Firewall & Security Considerations**

* Restrict inbound access to the ARKSSPR portal to authorized networks or VPN users.
* Use **LDAPS (636)** instead of plain **LDAP (389)** where possible for secure directory communication.
* For RPC dynamic ports, limit firewall rules to the necessary range.
* Ensure **TLS 1.2 or higher** is enabled on the ARKSSPR server and client browsers.
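
One way to verify these rules from the internal ARKSSPR server, as an added example that is not part of the product documentation: it tests TCP reachability for the default ports in the tables above and, on the implicit-TLS ports (443, 636), reports the negotiated protocol so anything below TLS 1.2 stands out. The `*.example.internal` host names and the `Test-ArkEndpoint` function are assumptions; UDP services (Syslog 514, NTP 123) cannot be confirmed with a TCP connect test and are left out.

```powershell
# Added example. Host names are placeholders (assumptions); ports are the
# defaults from the tables above. Run on the internal ARKSSPR server.
$targets = @(
    @{ Name = 'License';  Server = 'license.arksoft.com.tr'; Port = 443;  Tls = $true  }
    @{ Name = 'LDAPS';    Server = 'dc01.example.internal';  Port = 636;  Tls = $true  }
    @{ Name = 'LDAP';     Server = 'dc01.example.internal';  Port = 389;  Tls = $false }
    @{ Name = 'Kerberos'; Server = 'dc01.example.internal';  Port = 88;   Tls = $false }
    @{ Name = 'RPC';      Server = 'dc01.example.internal';  Port = 135;  Tls = $false }
    @{ Name = 'SMB';      Server = 'dc01.example.internal';  Port = 445;  Tls = $false }
    @{ Name = 'SMTP';     Server = 'mail.example.internal';  Port = 587;  Tls = $false }  # reachability only
    @{ Name = 'Database'; Server = 'sql.example.internal';   Port = 1433; Tls = $false }
)

function Test-ArkEndpoint {
    param([string]$Server, [int]$Port, [bool]$Tls, [int]$TimeoutMs = 3000)
    $r = [ordered]@{ Reachable = $false; Protocol = $null; Note = '' }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
            $r.Note = 'connect timed out (filtered?)'
        } else {
            $r.Reachable = $true
            if ($Tls) {
                # Default certificate validation stays on: an untrusted or
                # mismatched certificate is reported in Note, not ignored.
                $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
                $ssl.AuthenticateAsClient($Server)
                $r.Protocol = $ssl.SslProtocol
                if ($ssl.SslProtocol -lt [System.Security.Authentication.SslProtocols]::Tls12) {
                    $r.Note = 'negotiated below TLS 1.2'
                }
            }
        }
    } catch {
        $r.Note = $_.Exception.GetBaseException().Message   # refused, DNS failure, TLS error
    } finally {
        $client.Dispose()
    }
    [pscustomobject]$r
}

$report = foreach ($t in $targets) {
    $res = Test-ArkEndpoint -Server $t.Server -Port $t.Port -Tls $t.Tls
    [pscustomobject]@{
        Name = $t.Name; Target = "$($t.Server):$($t.Port)"
        Reachable = $res.Reachable; Protocol = $res.Protocol; Note = $res.Note
    }
}
$report | Format-Table -AutoSize
```

A row where LDAP (389) is reachable but LDAPS (636) is not points to a deployment that would fall back to plain LDAP, which is the case the LDAPS recommendation above is meant to avoid.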

### **High Availability / Load Balancer Notes**

* If deploying behind a load balancer, enable **session persistence (sticky sessions)**.
* All HA nodes must have identical firewall and port access configuration.

```
[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
                                                 ↘ SMTP(587*) → [Mail Server]
                                                 ↘ HTTPS(443*) → [SMS Provider]
                                                 ↘ HTTPS(443) → [License Server]
                                                 ↘ Syslog(514*) → [Syslog Server]
                                                 ↘ TCP(1433*) → [Database Server]

```
