Network Requirements

ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory. For successful operation, certain network configurations and firewall permissions must be in place.

Default & Configurable Parameters

• The ports and protocols listed in this document are default values.

• E-Mail (SMTP), Syslog, and database connections are configurable according to your environment.

• The ARKSSPR web application can be published via any custom port according to deployment requirements.

• Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.

Network Communication Requirements

(*) Outbound SMTP port may vary depending on configuration (25, 465, or 587).

Additional Communication (Domain Integration)

Firewall & Security Considerations

• Restrict inbound access to ARKSSPR portal to authorized networks or VPN users.

• Use LDAPS (636) instead of plain LDAP (389) where possible for secure directory communication.

• For RPC dynamic ports, limit firewall rules to the necessary range.

• Ensure TLS 1.2 or higher is enabled on the ARKSSPR server and client browsers.

High Availability / Load Balancer Notes

• If deploying behind a load balancer, enable session persistence (sticky sessions).

• All HA nodes must have identical firewall and port access configuration.

[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
                                                 ↘ SMTP(587*) → [Mail Server]
                                                 ↘ HTTPS(443*) → [SMS Provider]
                                                 ↘ HTTPS(443) → [License Server]
                                                 ↘ Syslog(514*) → [Syslog Server]
                                                 ↘ TCP(1433*) → [Database Server]