Network Requirements

ARKSSPR is a self-service password reset and account unlock solution that integrates with Active Directory. For successful operation, certain network configurations and firewall permissions must be in place.

Default & Configurable Parameters

The ports and protocols listed in this document are default values.
E-Mail (SMTP), Syslog, and database connections are configurable according to your environment.
The ARKSSPR web application can be published via any custom port according to deployment requirements.
Optional integrations (Syslog, remote DB, SMS) require corresponding outbound firewall permissions.

Network Communication Requirements

Source

Direction

Destination

Protocol

Port(s)

Purpose

Internal ARKSSPR Server

-->

Internet (license.arksoft.com.tr)

TCP

443

License validation

DMZ ARKSSPR Server

-->

Internal ARKSSPR Server

TCP

80, 443

Web traffic relay

Internal Clients

-->

Internal ARKSSPR Server

TCP

80, 443

User access to ARKSSPR portal

Internet Clients

-->

DMZ ARKSSPR Server

TCP

80, 443

External user access (if published)

Internal ARKSSPR Server (*)

-->

E-Mail Server

TCP

587

OTP emails Report Mails

Internal ARKSSPR Server

-->

Database Server

TCP

1433

Database connectivity

Internal ARKSSPR Server

-->

Syslog Server

UDP

514

Security and audit log forwarding

Internal ARKSSPR Server

<-->

SMS Provider

HTTPS (TCP)

443

Sending SMS-based OTP codes

(*) Outbound SMTP port may vary depending on configuration (25, 465, or 587).

Additional Communication (Domain Integration)

Communication

Protocol

Port(s)

Purpose

ARKSSPR Web Server ↔ Active Directory DCs

LDAP / LDAPS

389 / 636

User authentication, password change/reset

ARKSSPR Web Server ↔ Active Directory DCs

Kerberos

Authentication and ticket granting

ARKSSPR Web Server ↔ Active Directory DCs

RPC / SMB

135, 445, dynamic 49152–65535

AD management operations

ARKSSPR Web Server ↔ NTP Server

NTP

123

Time synchronization

Firewall & Security Considerations

Restrict inbound access to ARKSSPR portal to authorized networks or VPN users.
Use LDAPS (636) instead of plain LDAP (389) where possible for secure directory communication.
For RPC dynamic ports, limit firewall rules to the necessary range.
Ensure TLS 1.2 or higher is enabled on the ARKSSPR server and client browsers.

High Availability / Load Balancer Notes

If deploying behind a load balancer, enable session persistence (sticky sessions).
All HA nodes must have identical firewall and port access configuration.

[User Browser] → HTTPS(443*) → [ARKSSPR Web Server] → LDAP/LDAPS/Kerberos/RPC → [AD DCs]
                                                 ↘ SMTP(587*) → [Mail Server]
                                                 ↘ HTTPS(443*) → [SMS Provider]
                                                 ↘ HTTPS(443) → [License Server]
                                                 ↘ Syslog(514*) → [Syslog Server]
                                                 ↘ TCP(1433*) → [Database Server]

PreviousSQL Server Requirements NextDesign

Last updated 1 month ago

Was this helpful?