
We have a very strange problem when we configure and start the firewall on a remote machine.

When we run the following command via ssh (from a bash script):

  • We have a Red Hat 7 machine

    systemctl start firewalld.service

Example from the script:

    ssh $USER@$IP systemctl enable firewalld.service
    ssh $USER@$IP systemctl start firewalld.service

Then we get a message about a timeout from the command systemctl start firewalld.service.

But when we run systemctl start firewalld.service manually on the machine,

then we are able to run it.

So why can't we run the command via SSH, when we can run it locally?

What are the differences here?

shalom

1 Answer


I don't have a Redhat 7 machine at hand, so I can't show exact values. But:

When you log in, you usually get a rich environment for your convenience during interactive sessions. It depends on your setup, of course, because you can set any environment you want by adding statements to /etc/profile, $HOME/.bashrc and in many more ways.

In contrast, when just issuing a remote command, you get a more minimal environment; for example, some directories may not be in your PATH environment variable.

An easy way to see the different environments is the following two sessions:

    ssh $USER@$IP env

versus

    ssh $USER@$IP
    env
    exit

You may start by comparing the PATH values and try running your command systemctl enable firewalld.service on the interactive shell, but after changing the PATH variable to the non-interactive variant of it.

If that doesn't give you a bingo yet, set the entire environment of your interactive session exactly as in the non-interactive version.

There's another difference for the ssh host command way: you don't get a tty; you can see this by issuing the command tty. Your interactive session will answer something like /dev/pts/3, while ssh host tty will answer not a tty. I'm not aware of systemctl being dependent on a tty or even behaving the slightest bit differently, but other commands it invokes may do so. You may require ssh to allocate a tty by adding the -t switch, like ssh -t $USER@$IP systemctl enable firewalld.service, to see whether it makes a difference.

TomTomTom
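The environment comparison described in the answer above, as an added example that is not part of the original answer: it reads two saved `env` dumps and reports which PATH directories and which variables the remote-command session lacks. The function names, file names and sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two saved `env` dumps. File names are hypothetical.
# On a real host, capture them with the two sessions shown in the answer:
#   ssh "$USER@$IP" env > noninteractive.env   (remote-command environment)
#   log in with ssh "$USER@$IP", run env, save it as interactive.env

# Print the value of variable $1 as recorded in env dump file $2.
env_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Print each PATH directory that dump $1 has and dump $2 lacks.
path_missing() {
    pm_other=":$(env_value PATH "$2"):"
    env_value PATH "$1" | tr ':' '\n' | while IFS= read -r pm_dir; do
        case "$pm_other" in
            *":$pm_dir:"*) ;;                 # present in both
            *) printf '%s\n' "$pm_dir" ;;     # only in dump $1
        esac
    done
}

# Print the names of variables set in dump $1 but not in dump $2.
vars_missing() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u |
    while IFS= read -r vm_name; do
        grep -q "^$vm_name=" "$2" || printf '%s\n' "$vm_name"
    done
}

# Constructed sample dumps, not taken from a real Red Hat 7 machine.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/interactive.env" <<'EOF'
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
HOME=/root
TERM=xterm
SSH_TTY=/dev/pts/3
LANG=en_US.UTF-8
EOF
cat > "$workdir/noninteractive.env" <<'EOF'
PATH=/usr/local/bin:/usr/bin
HOME=/root
EOF

echo "PATH directories missing from the non-interactive session:"
path_missing "$workdir/interactive.env" "$workdir/noninteractive.env"
echo "Variables missing from the non-interactive session:"
vars_missing "$workdir/interactive.env" "$workdir/noninteractive.env"
```

A missing SSH_TTY in the second dump is the same no-tty difference the answer demonstrates with the tty command.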