Symptoms:
When VM names are used as security tags in NSX distributed firewall,
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x
To resolve this issue, use one of the these options:
For more information, see IP Discovery for Virtual Machines and Change IP Detection Type.
Note: If you enable ARP snooping and on some VM's, you have two IP address on same NIC, then spoof guard should be enabled.