A user has configured a specific distributed firewall rule preventing VM-A (172.16.10.11) on the Web-Logical
Switch to communicate to VM-B (172.16.20.11), running on the same switch. After the changes, the user is
still able to communicated to VM-A from VM-B.
To debug this anomaly, the user will need to obtain logs from which component?
A.
The Distributed Logical Router
B.
The Edge Services Gateway
C.
The appropriate ESXi Hosts(s)
D.
The appropriate NSX Controller(s)
Should be C
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2125437
Concur with C. NSX Controllers has nothing to do with DFW.
C is the right answer
I would check the router because the two hosts could be in different subnets, depending on the subnet mask which is not given in this question.