If you can't publish firewall rules to hosts, perform a force sync.

Force sync is used when you need to synchronize the firewall rules on an individual host with the NSX Manager.

Procedure

  1. In the vSphere Web client, navigate to Networking & Security > Installation and Upgrade > Host Preparation.
  2. Select the cluster you want to force sync, then click Actions (Actions) > Force Sync Services.
  3. Select Firewall from the services to force sync. Click OK.
    The Firewall status changes to Busy while syncing.