If you checked the logs (dfwpktlogs.log) could you see which firewall rule is hit by the traffic? Default rule?
Do you have VMware tools installed in the VMs?
If you don't have VMware tools, you may need to change IP detection type to ARP Snooping
Check the SpoofGuard and see if MAC address & IP address are detected by NSX
If you are on NSX 6.3, you can use Application Rule Manager to verify the rule too
Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization
Micro-segmentation of Applications using Application Rule Manager - Network Virtualization
Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw