• NSX-T version 9.0 is being used.
• The NSX-T infra is Federated
• While checking the NSX-T UI in either Local Manager or Global Manager there are 0 stats displayed for the DFW/GFW rules 
• While checking the DFW/GFW stats for specific rules using API, the hit counts are incrementing

GET /policy/api/v1/infra/domains/default/security-policies/<PolicyID>/rules/<RuleID>/statistics

• From the ESX host the user observes that the DFW rule stats increment.
• From the NSX-T edge node the user observes the GFW rule stats increment.

VMware vDefend 9.0

• The DFW/GFW rule statistics are not displayed in the NSX-T UI due to API returning an incorrect enforcement_point information

Expected enforcement_point:  /global-infra/sites/site1/enforcement-points/default

Actual enforcement_point:  /infra/sites/default/enforcement-points/default

Important: The feature covered in this KB is owned by the ANS division. For cases matching this KB, transfer or clone the case to the ANS division. Do not suggest workarounds, recommend upgrades, or link this KB to the case without ANS TSE sign-off.
Support Product: VMware vDefend Firewall | Component: Distributed Firewall

This issue is resolved in VMware NSX-T version 9.0.1.0