Still trying to digest this patent application by Microsoft for a distributed firewall:
One or more devices on a network may be configured to provide firewall
services for other devices on the network. Each of the firewall service
suppliers may publish its capability with respect to firewall services
and the service receivers may publish their requirements for firewall
services. A manager function may broker the requests and offers to match
services and requirements. A default firewall service may be provided to
devices not publishing their requirements. Network topologies may be
re-configured to first route traffic addressed to a device to its
corresponding firewall service provider.
This sounds more like a dynamically configured firewall than a distributed one. I first thought the best use case would be to deal with mobile computing, but there you are better off with the firewall services right on the box, since you will inevitably find situations where there are no firewall services available.
The better use case is probably virtualization. With dynamic load balancing of VMs across physical systems, creating a specific firewall policy for each VM and allowing it to "check in" with the firewall service in the data center makes a lot of sense.
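To make the brokering model and the "check in" idea concrete, here is a small sketch added for illustration; it is not taken from the patent application or from any Microsoft code. The class names, service names, capacity limit, and default policy are all assumptions. It also shows the failure case mentioned above, where no firewall service is available and the device has to fall back on its own host firewall.

```python
from dataclasses import dataclass, field

# Assumed default service for devices that publish no requirements.
DEFAULT_POLICY = frozenset({"stateful-filter"})

@dataclass
class Provider:
    name: str
    services: frozenset          # firewall services this supplier publishes
    capacity: int                # receivers it can serve at once (assumption)
    clients: list = field(default_factory=list)

class Broker:
    """Manager function: matches published requirements to published offers."""
    def __init__(self, providers):
        self.providers = providers
        self.routes = {}         # device -> provider its inbound traffic hits first

    def release(self, device):
        for p in self.providers:
            if device in p.clients:
                p.clients.remove(device)
        self.routes.pop(device, None)

    def check_in(self, device, requirements=None):
        """Called at boot and again after a VM moves to another host."""
        self.release(device)
        needed = frozenset(requirements) if requirements else DEFAULT_POLICY
        fits = [p for p in self.providers
                if needed <= p.services and len(p.clients) < p.capacity]
        if not fits:
            # No supplier available: the device must rely on its own host firewall.
            self.routes[device] = None
            return None
        best = min(fits, key=lambda p: (len(p.clients), p.name))
        best.clients.append(device)
        self.routes[device] = best.name
        return best.name

def demo():
    # Constructed sample inventory; every name here is hypothetical.
    broker = Broker([
        Provider("edge-fw", frozenset({"stateful-filter", "nat"}), capacity=2),
        Provider("dc-fw", frozenset({"stateful-filter", "tls-inspection", "ids"}), capacity=1),
    ])
    first = {
        "vm-web": broker.check_in("vm-web", {"stateful-filter", "tls-inspection"}),
        "printer": broker.check_in("printer"),        # publishes nothing: default
        "vm-db": broker.check_in("vm-db", {"ids"}),   # dc-fw is full: no match
    }
    broker.release("vm-web")                          # vm-web is shut down
    retry = broker.check_in("vm-db", {"ids"})         # vm-db checks in again
    return first, retry, dict(broker.routes)

if __name__ == "__main__":
    print(demo())
```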