IP Address for Whitelisting

I am trying to establish a resource connection to Snowflake. We have whitelisted the set of IP addresses you identify on this help center document. However, we are seeing connections initiated from 44.210.125.249.

Can you help me confirm the comprehensive set of addresses we should be whitelisting as source addresses from Retool please?

Just to add some additional context... these are the IP addresses listed in the help center document. You can see that 44.210.125.249 is not included in that list.

  • 3.77.79.249
  • 3.77.79.250
  • 35.90.103.132
  • 35.90.103.133
  • 35.90.103.134
  • 35.90.103.135
  • 44.208.168.68
  • 44.208.168.69
  • 44.208.168.70
  • 44.208.168.71

I am still struggling with this - is there anyone from the Retool team who can confirm this information?

Hi @Checkr_Chris,

Thanks for reaching out! I'm looking into this. I haven't found references to that IP address internally. The IP addresses listed in the docs are the only IP addresses you should need :thinking: Is this for your Cloud account?

This is a Cloud account, yes.

I'll circle back with our data engineers for some further logging and re-post next week.

Hi @Tess, we were able to re-try the OAuth connection and are continuing to see a 44.210.125.249 IP address as the source. We are 100% confident that this IP address is part of the OAuth process when trying to establish the trust relationship between Snowflake and Retool.

We're not sure how to continue diagnosing this, so I need to ask... Is there someone at Retool we can get on a Zoom call with to review our OAuth setup and see if there's something funky in the way we set it up?

Still struggling with how to move past this. Anyone have any thoughts?

Our team is looking into this, but so far, we haven't been able to reproduce any issues with Snowflake + OAuth :thinking: We also haven't been able to track down why this IP address is mentioned.

If you can share more screenshots of how the resource is set up, that could help us try to re-create this. For troubleshooting, I'd be curious if you are able to connect to Snowflake using username & password.

I'm not sure if we will be able to fully solve it on the call, but you're welcome to join group office hours so that we can take a closer look.

Adding a screenshot of the OAuth setup on the Retool side with selected fields blurred for security.

I joined office hours today - thanks to your team for taking a look and committing to follow up on this.

Thanks for joining office hours today, @Checkr_Chris! And for sharing the configuration details of your Snowflake resource. Nothing jumps out to me as particularly suspicious. :thinking:

After our meeting this morning, I talked to the team that works most closely with our cloud infrastructure; they're pretty sure the IP you're asking about is not one of ours. Additionally, I spent some time this afternoon setting up my own Snowflake OAuth integration, which worked as expected with just the listed addresses added to the allowed_ip_list.

It doesn't feel like we made a ton of progress towards identifying the root issue here, but will pick it back up early next week!

Hey @Darren - appreciate your follow-up! I think you are saying this, but want to make sure... When you connected to Snowflake, you do have IP restrictions enabled on the Snowflake side, and you only permitted the set of known IPs from your document into that list?

We're taking a look at a couple of elements on our side as well that might be contributing. Really appreciate you all continuing to test.

OK, it turns out that the problem was a transparent proxy that was installed on our client systems, which was proxying traffic and causing the OAuth flow to appear to come from a different IP.

Many thanks for your pointers and patience!

Hi @Checkr_Chris, I'm so glad to hear it's resolved! :tada: Thanks so much for sharing.