Try to move HIPS firewall in Adaptive mode and check what kind of rule learned on affected machines.
Moved to Host Intrusion Prevention.
Check your firewall rules for the existence of a CAG (connection aware group) or LAG (location aware group). It is possible the configuration would have been set to require remote workers to connect to the corporate VPN first.
late response here, but figured I'd update in case anyone else ran across this issue...
This problem was indeed caused by HIPS. This was an issue with a bug on HIPS 8.0.2919 and was ultimately resolved by deploying this hotfix,which brought HIPS to version 8.0.2970.
In any case, there are later releases of HIPS now so people shouldn't have this issue, but in case you do...check out the hotfix.