Showing results 1 to 1 of 1

Thread: Firewall prevented packet sent from PROFINET device to be received by PROFINET controller in zenon Logic

  1. #1
    Join Date

    Default Firewall prevented packet sent from PROFINET device to be received by PROFINET controller in zenon Logic

    When straton (zenon logic) is started the first time, the firewall configuration dialog pops-up. By default you allow connections for private Network but not for public networks.
    When using a second network card this connection is classified by default as public.
    As some profinet devices use different udp ports for receiving and sending data the firewall may treat responses as requests initited by the remote side and may reject them.
    It can be the case that larger packets are not rejected but smaller ones are.

    In the attached screenshot from wireshark you see a situation like this:
    The PROFINET device sends a "Connect response" but the zenon Logic runtime will never receive the packet because the firewall blocks it. As a result, the zenon Logic runtime will not send the subsequent "Control Request". As a further result the PROFINET device will trigger an Alarm (RTA error, RTA_ERR_CLS_PROTOCOL, Instance closed) and aborts the connection.
    To allow incoming UDP packets to pass the firewall open Windows Defender Firewall -> Advanced settings -> Inbound Rules and search for entry straton Runtime (Screenshot attached) and make sure you have selected the entry (several "straton Runtime" entries possible) with the zenon version you currently use (Path in column "Program"). Then doubleclick the entry and choose radio button "Allow the connection" and press OK. 
    If the entry does not exist create a new one by performing a rightclick on "Inbound Rules" -> "New Rule..." and choose the following:

    - Program
    - This program path: Enter path of StratonRT.exe
    - Allow the connection
    - Choose respective domain
    - Enter a name for the rule
    - Finish

    Statistics on rejected UDP datagrams can be retrieved using netstat -s

    Attached Thumbnails Attached Thumbnails WindowsDefender_InboundRules.png   Wireshark_ConnectResponse.PNG  

Similar Threads

  1. Replies: 0
    Last Post: 7th September 2018, 10:02
  2. Replies: 2
    Last Post: 27th August 2018, 10:08
  3. Communicate Zenon 6.22 SP1 runtime on a PC with S7 300 plc on PN /profinet port
    By ssmanku1699 in forum zenon Service Engine Supervisor
    Replies: 0
    Last Post: 17th June 2018, 13:22
  4. Profinet on 64 bit system
    By sldewit in forum Engineering Studio Logic & Logic Service (former zenon Logic Workbench & Runtime)
    Replies: 1
    Last Post: 5th July 2010, 23:44
  5. zenOn CE and PROFINET
    By sebastiank in forum zenon Service Engine Operator
    Replies: 0
    Last Post: 22nd October 2007, 08:19

Tags for this Thread

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts