This sounds very strange.
How long have you had the equipment live? And has this happened from the very start of use?
There's no "normal" reason for this. You could post your entire controller config which might help spot anything important/relevant?
When you see the issue, does the client still have an ARP entry for the Sonicwall (which I assume acts as the user's default gateway)?
As an extension to the last question, does the issue affect ALL types of traffic destined to the internet? Like HTTP, ICMP and FTP?