Reviewing the .CVS file created by NSX > UI > Security > Distributed Firewall > Actions > Export FW Configuration doesn't have Source and Destination groups populated.   

NSX 3.x

This occurs because NSX 3.x FW Configuration export doesn't pull Source and Destination information from the rules.

You can workaround this issue by using a CURL command directly in 3.x NSX Manager.

• First, SSH into NSX Manager as root (Running API/CURL in NSX Manager will require the admin account credentials)
• Second, run this CURL command = curl -k --user admin --request GET 'https://localhost/policy/api/v1/infra?filter=Type-Domain%7CGroup%7CSecurityPolicy%7CRule%7CPolicyContextProfile%7CService' > /tmp/dfw_new_config.json
• Third, export dfw_new_config.json off the NSX manager and convert to .CSV with a tool
• Last, pull the Source and Destination Group information to combine with the original FW export from NSX manager.

How to export/import a .CVS file for DFW rule configuration 
Import/Export Configuration 3.x
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/nsxt-dc/3-2/administration-guide/security/distributed-firewall/export-or-import-a-firewall-configuration.html
Import/Export Configuration 4.x
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/administration-guide/security/distributed-firewall/export-or-import-a-firewall-configuration.html