What causes Network Rule Violation?

The client IP address is not included in the account-level or user-level network policy IP allowlist. An egress network rule on the Snowflake account blocks outbound connections to external functions or external stages at the specified URL. A new VPN exit node or NAT gateway IP is not added to the Snowflake network policy after an infrastructure change. A Snowpark external function or UDF calls an endpoint blocked by the active egress network rules

How do I fix Network Rule Violation?

For ingress policy violations, identify the blocked IP and add it to the network policy: `ALTER NETWORK POLICY SET ALLOWED_IP_LIST = (..., ' /32')`.. For egress rule violations, check the active network rules: `SHOW NETWORK RULES` and `DESCRIBE NETWORK RULE `.. Use `SELECT SYSTEM$CURRENT_USER_TASK_GRAPH_RUN_STATUS()` or audit logs to identify which network rule triggered the block.. For VPN or NAT IP changes: update the Snowflake network policy immediately after infrastructure changes.. Temporarily test without network restrictions in a non-production environment to confirm the network rule is the cause.

High severitycredentials

Power BI Refresh Error:
Network Rule Violation

What does this error mean?

A Snowflake network policy or network rule blocked an incoming connection. The source IP address is not in the allowlist, or an egress network rule prevents Snowflake from connecting to an external endpoint.

Common causes

1The client IP address is not included in the account-level or user-level network policy IP allowlist
2An egress network rule on the Snowflake account blocks outbound connections to external functions or external stages at the specified URL
3A new VPN exit node or NAT gateway IP is not added to the Snowflake network policy after an infrastructure change
4A Snowpark external function or UDF calls an endpoint blocked by the active egress network rules

How to fix it

1For ingress policy violations, identify the blocked IP and add it to the network policy: `ALTER NETWORK POLICY <policy> SET ALLOWED_IP_LIST = (..., '<new_ip>/32')`.
2For egress rule violations, check the active network rules: `SHOW NETWORK RULES` and `DESCRIBE NETWORK RULE <rule>`.
3Use `SELECT SYSTEM$CURRENT_USER_TASK_GRAPH_RUN_STATUS()` or audit logs to identify which network rule triggered the block.
4For VPN or NAT IP changes: update the Snowflake network policy immediately after infrastructure changes.
5Temporarily test without network restrictions in a non-production environment to confirm the network rule is the cause.

Frequently asked questions

Can network policies be set at the user level and override the account policy?

Yes — a user-level network policy overrides the account-level policy for that user. Check both levels: `SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN USER <user>` and `SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT`.