This is an expected behaviour for vRealize Log Insight in use with NSX.
To work around this issue, exclude the virtual machines that are part of the vRealize Log Insight cluster from VMware NSX Distributed Firewall Protection by following the below steps.
For NSX-T: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-3B3C278D-4E35-4CE9-A4E2-ED6B1F25ABCE.html
For NSX-V: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.install.doc/GUID-C3DDFBCE-A51A-40B2-BFE1-E549F2B770F7.htm
After following the steps relevant to your version of NSX above, it is necessary to perform a reboot of all nodes in the vRealize Log Insight cluster.
Note: A service restart will not suffice here, a reboot is required.