When straton (zenon logic) is started the first time, the firewall configuration dialog pops-up. By default you allow connections for private Network but not for public networks.

When using a second network card this connection is classified by default as public.

As some profinet devices use different udp ports for receiving and sending data the firewall may treat responses as requests initited by the remote side and may reject them.

It can be the case that larger packets are not rejected but smaller ones are.

In the attached screenshot from wireshark you see a situation like this:
The PROFINET device sends a "Connect response" but the zenon Logic runtime will never receive the packet because the firewall blocks it. As a result, the zenon Logic runtime will not send the subsequent "Control Request". As a further result the PROFINET device will trigger an Alarm (RTA error, RTA_ERR_CLS_PROTOCOL, Instance closed) and aborts the connection.
To allow incoming UDP packets to pass the firewall open Windows Defender Firewall -> Advanced settings -> Inbound Rules and search for entry straton Runtime (Screenshot attached) and make sure you have selected the entry (several "straton Runtime" entries possible) with the zenon version you currently use (Path in column "Program"). Then doubleclick the entry and choose radio button "Allow the connection" and press OK.
If the entry does not exist create a new one by performing a rightclick on "Inbound Rules" -> "New Rule..." and choose the following:

- Program
- This program path: Enter path of StratonRT.exe
- Allow the connection
- Choose respective domain
- Enter a name for the rule
- Finish

Statistics on rejected UDP datagrams can be retrieved using netstat -s