Just Posting because all I found was useless information as to how to Create this error with firewall rules.
I was actually looking for a solution to losing connectivity to a Router that had not been created by a firewall rule.
When I came to it - Router one was there - with 2 Hotspots. hotspot 1 was un ping-able, hotspot 2 was ping-able, and accessible, as was the backhaul IP's.
WDS2 to Hotspots could ping both hotspots
WDS1 to that could not ping hs1 - but could ping hs2
Ethernet to Core not ping hs1 - but could ping hs2
WDS2 has a Hotspot on it also, however - all WDS on the units are done on a separate IP Range. WDS1 has no Hotspot - is purely to get Fibre Backhaul to WDS2.
Now the Solution... kinda
Turns out the IP address for HS1 had somehow been leaked into WDS2's Hotspot - and that Hotspot had not authed it, so it was not getting through. Not too sure how (hence the kinda), but removing the entry re-instated the link.
At this stage I must apologise for not noting whether of not the MAC of the address matched the HS1, or whether or not it had come from somewhere else. Either way, this will hopefully help someone begin to diagnose their problem, so they can get a solution down the track.