SSH port forwarding was working, now it's not

0 votes
0 answers
165 views
I have a pair of CentOS7 servers in a production environment where the server on the internal network opens up an ssh SOCKS proxy tunnel to the server on the edge network to allow the internal server to reach an external endpoint. This setup was working for a while, but now it seems it's not. The edge server has the following /etc/ssh/sshd_config file:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Protocol 2
HostbasedAuthentication no
IgnoreRhosts yes

Ciphers aes256-ctr,aes128-ctr
MACs umac-64@openssh.com,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Match User update
   ChrootDirectory /opt/download
   X11Forwarding no
   ForceCommand internal-sftp
   AllowTcpForwarding no
Match User proxy
   X11Forwarding yes
   ForceCommand /sbin/nologin
   AllowTcpForwarding yes
   GatewayPorts yes
   PermitOpen any
And the internal server is creating the tunnel with the following command:
/usr/bin/ssh -NT -oServerAliveInterval=60 -oExitOnForwardFailure=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no proxy@10.99.0.6 -D 0.0.0.0:1080
When the internal server tries to use this tunnel:
curl -k -v --proxy socks5h://localhost:1080 https://external.host.name 
The connection fails, and the /var/log/secure file prints an error stating "refused local port forward". By all accounts, this should be working and in fact was in the past. I also ran setenforce 0 on the production edge server to take SELinux out of the equation but that made no difference. I copied the /etc/ssh/sshd_config file to my lab server and was unable to reproduce the issue. Both the lab server and the production server on the edge network are up to date on OS packages. The authorized_keys file for the proxy user doesn't have any options/directives attached to it. Also, the tunnel does work if I use the root user. What could be causing this?
Asked by dbush (113 rep)
Jul 12, 2024, 03:18 PM
Last activity: Jul 26, 2024, 05:48 PM
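The first check for a "refused local port forward" on a server with Match blocks is the configuration sshd actually resolves for that user; on the edge server that is `sshd -T -C user=proxy,host=<client host>,addr=<client address>`. The Python below is an added example (not from the question) that models the same Match resolution offline on the relevant lines of the posted sshd_config, so the values sshd should apply to `proxy`, `update` and `root` can be compared against the lab server; it assumes only `Match User` criteria need evaluating.

```python
"""Effective sshd_config values for one user (added example, not from the question).
Rules from sshd_config(5): keywords are case-insensitive, the first value seen in the
global section wins, Match blocks are evaluated in file order and the first matching
block that sets a keyword wins, overriding the global value.  Assumption: only
'Match User'/'Match all' criteria are evaluated and ssh patterns use fnmatch."""
import fnmatch
# Keywords deciding whether a direct-tcpip request is honoured, with sshd defaults.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any", "forcecommand": None}
# Constructed sample: the relevant lines of the edge server's sshd_config above.
SAMPLE_CONFIG = """
AllowTcpForwarding yes
Match User update
   ForceCommand internal-sftp
   AllowTcpForwarding no
Match User proxy
   ForceCommand /sbin/nologin
   AllowTcpForwarding yes
   PermitOpen any
"""

def parse_sshd_config(text):
    """Return (global_settings, blocks); each block is (user_patterns, settings)."""
    global_settings, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit, users = value.split(), (["*"] if value.lower() == "all" else None)
            for name, pattern in zip(crit[::2], crit[1::2]):
                if name.lower() == "user":
                    users = pattern.split(",")
            current = (users, {})  # users None: criteria this model does not evaluate
            blocks.append(current)
            continue
        target = global_settings if current is None else current[1]
        target.setdefault(key, value)  # first obtained value wins
    return global_settings, blocks

def forwarding_report(text, user):
    """Effective forwarding-related settings sshd would use for `user`."""
    global_settings, blocks = parse_sshd_config(text)
    matched = {}
    for users, settings in blocks:
        if users and any(fnmatch.fnmatchcase(user, p) for p in users):
            for key, value in settings.items():
                matched.setdefault(key, value)  # first matching block wins
    effective = {**global_settings, **matched}
    return {k: effective.get(k, d) for k, d in DEFAULTS.items()}
```

Run `forwarding_report(open("/etc/ssh/sshd_config").read(), "proxy")` against the real file and diff it with the lab server's result; if both agree, the refusal is coming from outside sshd_config (key options, PAM, or the client's own request), not from the Match block.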