Alright, reissued server side certs, reissued WAF certs, bypassed Cloudflare, direct IP to server from WAN, tried different ports, tried different application versions, tried getting fancy with the NAT'ing, disabled the firewall, modified the firewall, dropped in a different OU to disable all...