diff --git a/.changelog/15732.txt b/.changelog/15732.txt
new file mode 100644
index 00000000000..b9e285e0e94
--- /dev/null
+++ b/.changelog/15732.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+docker: configure restart policy for bridge network pause container
+```
diff --git a/drivers/docker/network.go b/drivers/docker/network.go
index 13b3e6b73f9..71a9ab512f3 100644
--- a/drivers/docker/network.go
+++ b/drivers/docker/network.go
@@ -130,6 +130,12 @@ func (d *Driver) createSandboxContainerConfig(allocID string, createSpec *driver
 			// Set the network mode to none which creates a network namespace
 			// with only a loopback interface.
 			NetworkMode: "none",
+
+			// Set the restart policy to unless-stopped. The pause container should
+			// never not be running until Nomad issues a stop.
+			//
+			// https://docs.docker.com/engine/reference/run/#restart-policies---restart
+			RestartPolicy: docker.RestartUnlessStopped(),
 		},
 	}, nil
 }
diff --git a/drivers/docker/network_test.go b/drivers/docker/network_test.go
index 4b1ccd5179d..80c235cf8e4 100644
--- a/drivers/docker/network_test.go
+++ b/drivers/docker/network_test.go
@@ -28,7 +28,8 @@ func TestDriver_createSandboxContainerConfig(t *testing.T) {
 					Image: "gcr.io/google_containers/pause-amd64:3.1",
 				},
 				HostConfig: &docker.HostConfig{
-					NetworkMode: "none",
+					NetworkMode:   "none",
+					RestartPolicy: docker.RestartUnlessStopped(),
 				},
 			},
 			name: "no input hostname",
@@ -45,7 +46,8 @@ func TestDriver_createSandboxContainerConfig(t *testing.T) {
 					Hostname: "linux",
 				},
 				HostConfig: &docker.HostConfig{
-					NetworkMode: "none",
+					NetworkMode:   "none",
+					RestartPolicy: docker.RestartUnlessStopped(),
 				},
 			},
 			name: "supplied input hostname",