"Detected systems" approach only works when you also installed rogue system detection (RSD), too. By defining subnets in Detected Systems you might just have prepared for RSD, and for the actions you can also define RSD should take in those subnets. As I understood, this is not the primary way of populating the ePO system tree (although it can be used for that), only a way to find systems that are not in the domain or Active Directory or within your view so there is no way to find them otherwise than catching them when they request IP address from DHCP or initiate traffic in subnets that the RSD sensor monitors.
The primary ways of populating the tree could be what alexn tried to hint at: collecting the NT domain tree or Active Directory tree or importing a text based list of systems. Please choose what is the most convenient way of gathering computers into your ePO tree.
Fetching systems from NT domain or AD might imply that you either have access to a domain controller or the AD server (also you can authenticate to fetch the list of such systems from AD), and also you know a global system administrator username and password that ePO can use to push and install agents onto these system that it has collected.
How does your firewall come into this issue? What firewall? The one that the ePO server operating system has?