I think you are probably making this more complicated than it has to be.
Unless you have multiple routes to the remote site then both the node and the firewall would show as down when the firewall goes down, so your first scenario will never exist.
The second scenario is effectively just a node down alert for the far end server.
For Solarwinds purposes it is near impossible to differentiate between a node that is down due to the server dying versus a server that is "down" due to a network outage. In all cases a down status really means "You polling engine cannot ping this device"
You might have better luck creating a netpath monitor to particular endpoints to get a sense of where the break in the line sits but it will never tell you anything about what is on the other side of your point of failure.