Proxmox VE 9 – Management Network Connectivity Loss After Firewall Failover / Reload

[powersupport]

Hi all,

We are experiencing an issue on several Proxmox VE 9 nodes where management network connectivity is lost following a firewall failover, firewall reload, or temporary firewall service interruption on our Palo Alto PA1410 HA pair.

Symptoms:

• The affected Proxmox node becomes unreachable via the management network (Web UI and SSH).
• The node is unable to ping or communicate with its configured default gateway.
• The issue occurs only after firewall-related events (HA failover, reload, service restart, etc.).
• The node itself remains operational; only management network connectivity is affected.

Current Workaround:

systemctl restart networking

Running the above command immediately restores connectivity to the gateway and management network.

Environment:

• Proxmox VE 9
• Management network connected through a Palo Alto PA1410 HA pair
• Issue observed multiple times after firewall failover/reload events

Questions:

1. Has anyone encountered similar behavior on Proxmox VE 9?
2. Could this be related to ARP/neighbor table handling, Linux bridge behavior, bonding, or another networking component?
3. Are there any known fixes, kernel updates, or network tuning recommendations to prevent manual networking restarts after firewall failovers?

Any guidance on troubleshooting steps or similar experiences would be greatly appreciated.

Thanks.

 

[shanreich]

Could this be related to ARP/neighbor table handling, Linux bridge behavior, bonding, or another networking component?

I suspect this to be the case, do the firewalls have the same MAC address? How does failover happen exactly? Is it VRRP or something else?
You could verify if it's related to ARP / neighbor table entries by flushing the neighbor table instead of reloading the network configuration.