The first point, if you want a campus wide MPLS network to support L2 and L3VPN's then really you need all your core routers to be capable of running MPLS. Its possible to run MPLS over GRE tunnels, but as this is a core network you should not consider going down that path. And if you started passing traffic in GRE tunnels through the firewall, well what use is it then??
The second point, why would you even think of using your firewalls as the core routers, far better to use them to do their main task of securing the network, and let a router do the routing. This brings a number of benefits, a more logical design structure and mpls support.