• Host is prepared for Networking and Security.
• VM Groups are created based upon tags to apply DFW rules.
• When VMs are attached to dvpg their IP addresses are not present when viewed under 'Groups'
• When checking the same VM in Inventory > Virtual Machines we can see the IP address of VM. Due to this DFW rule is not getting applied to VMs attached to DVPortgroup.
• When VMs are attached to NSX port-groups this issue is not observed.
  
  
  
  

VMware NSX-T 3.x
VMware NSX 4.x

In the case of Network & Security installation, NSX features are available only for VMs that are connected to NSX managed segments. If a VM is connected to vSphere DVPortgroup, then NSX does not create or manage the corresponding port.

This is expected behaviour.

Workaround:
To enable NSX features on VMs connected to DVPortgroup, the Security Only mode of installation must be used for the corresponding cluster. NSX does not support distributed firewall configuration on both NSX-portgroups and DVPortgroups in the same cluster.