Logon Events

We are implementing a Barracuda Web Filter in our network and for us to be able to get this to work right with Authenticated users the Barracuda looks at the DC Security log where it tracks Events 4624 Logons. My problem is that some of my clients are logging their Source IP Address wrong and I am hoping someone can tell me why. My DC (10.10.21.21) is on a 10.10.21.x subnet and my clients are on 10.10.22.x subnet. Some of my clients are logging their Source IP in the 4624 Event but others are logging an IP of the Gateway 10.10.22.2 which is our Sonic Wall Router. Any ideas why this is happening? Below are 2 event ID's showing what I am talking about.

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          12/16/2013 10:32:44 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      IRA.hrm.lan
Description:
An account was successfully logged on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   3

New Logon:
 Security ID:  KITCHEN\dbradshaw
 Account Name:  dbradshaw
 Account Domain:  KITCHEN
 Logon ID:  0x5003939
 Logon GUID:  {f5a5d0bb-0f07-e1fd-152b-b01ab9fd9cc5}

Process Information:
 Process ID:  0x0
 Process Name:  -

Network Information:
 Workstation Name: 
 Source Network Address: 10.10.22.2
 Source Port:  23951

Detailed Authentication Information:
 Logon Process:  Kerberos
 Authentication Package: Kerberos
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          12/16/2013 10:32:37 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      IRA.hrm.lan
Description:
An account was successfully logged on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   3

New Logon:
 Security ID:  KITCHEN\ACCOUNTING01G$
 Account Name:  ACCOUNTING01G$
 Account Domain:  KITCHEN
 Logon ID:  0x4fd4f7b
 Logon GUID:  {74bc51e7-96c8-ca1c-7827-8f17ec861411}

Process Information:
 Process ID:  0x0
 Process Name:  -

Network Information:
 Workstation Name: 
 Source Network Address: 10.10.22.115
 Source Port:  55678

Detailed Authentication Information:
 Logon Process:  Kerberos
 Authentication Package: Kerberos
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0