Until we add the state of the Firewall as a built-in item we scan for you can use the Registry scanner to get what you're looking for.
The information is in the Registry under the following key:
Create a scan profile (or edit an existing one) and add a Registry scanner with the following properties:
Once scanned your computers should have a couple of values from this key. One of them is called EnableFirewall with either a 1 (enabled) or 0 (disabled). You can create a collection to filter on this value like this:
Or build a report with this filter:
You should be good to go.
For your convenience you can find attached an export for the scanner, collection, and report which you can customize to your heart's desire.