In VSE for MAC the Firewall is installed by default as it is integrated in the product so all your MAC computers will have it.
The policy that you are checking is HIPS that is completelly diferent product that VSE MAC (Firewall).
To check and disable Firewall for mac go to the VSE MAC policy and you will find in one of the tabs the option for the Firewall.
The Firewall policies for the imbedded desktop firewall insite McAfee Endpoint Protection are managed via the HIPS Policies (it's all clearly mentioned in the documentation of the product)
There seems to be an issue with the Management Agent syncing the Desktop Firewall (HIPS) policies. (I've created a support ticket, for the issue and it's already confirmed there is an issue with the Agent & syncing the FW properties, all other properties (anti malware & application protection) are syncing correctly) atm it's escalated to Tier level 2 support.
If you only want the Anti Malware product (IE Virusscan for Mac) and you dont want/use Application protection or the Firewall (HIPS),you could remove "McAfee Endpoint Protection for Mac <build>" and just deploy "McAFee Endpoint Protection for Mac - AV <build>" which only installs the Anti Malware components and products.