in my opinion MPLS VPN has already some sort of a security model in regards to traffic isolation/segregation via RDs, what a firewall could do however is to do a more intelligent work like threat detection/virus scanning etc.
I agree with you and I guest from population’s point of view, how many organizations are your using a firewall between their MPLS VPN sites.
Your firewall is always better to be implemented from a Security Prespective to Protect your Local and DMZ Networks if you have any. the MPLS - VPN provides some sort of security but it's not enough if you have services to be protected in your Network.
Sent from Cisco Technical Support iPad App
Have you configured MPLS VPN or are you relying on the carrier?
If it's the carrier then it depends on how much you trust your carrier's security infrastructure as to whether you deploy a firewall as well.
You also need to consider what type of traffic traverses your WAN. If it is only encrypted to traffic such HTTPS, Secure FTP, SSL etc then this lessens the need for a firewall.