Confirm the discrepancies between Federated Global Manager UI and REST API by following the below procedures. 

Global Manager UI Location > NSX > Security > Distributed Firewall > General Firewall Settings > Distributed Firewall Service 

Activate Distributed Firewall Service Toggle shows off

REST API Shows Enabled

Verify that the field "enable_firewall" = true in site security settings of REST API

Run > GET https://nsx-manager/policy/api/v1/infra/settings/firewall/security

Return Output Shows

  ^{"idfw_enabled": false,}

  ^{"idfw_event_log_scraper_enabled": false,}

  ^{"idfw_loginsight_enabled": false,}

  ^{"resource_type": "DfwFirewallConfiguration",}

  ^{"id": "security",}

  ^{"display_name": "security",}

  ^{"path": "/infra/settings/firewall/security",}

  ^{"relative_path": "security",}

  ^{"parent_path": "/infra",}

  ^{"remote_path": "/orgs/default/projects/default/infra/settings/firewall/security/LocalManager",}

  ^{"unique_id": "#####-#####-#####-#####-#####",}

  ^{"realization_id": "#####-#####-#####-#####-#####",}

  ^{"owner_id": "#####-#####-#####-#####-#####",}

  ^{"marked_for_delete": false,}

  ^{"overridden": false,}

  ^{"enable_firewall": true,   <--------------------------- Set For True}

  ^{"disable_auto_drafts": false,}

  ^{"global_addrset_mode_enabled": true,}

  ^{"global_macset_optimization_mode_enabled": false,}

  ^{"_system_owned": false,}

  ^{"_protection": "NOT_PROTECTED",}

  ^{"_create_time": 0000000000,}

  ^{"_create_user": "system",}

  ^{"_last_modified_time": 0000000000,}

  ^{"_last_modified_user": "system",}

  ^{"_revision": 14}

End Of Output

This is due a discrepancy between Federation Global Manager UI and the API used to check for enabled DFW.  

Once the API UI conditions can be confirmed, please reach out to Broadcom Support team.