Having two hubs, one in West US 2 and one in North Europe, is a good approach for your scenario. This will ensure that your remote locations are connecting to the hub that is closest to them, which can help to reduce latency and improve performance.
Regarding Azure Firewall, you can deploy two Azure Firewalls, one in each region, and then configure them to work together in an active-standby or active-active configuration. This will provide redundancy and ensure that traffic can be routed through the available firewall in case one of them fails. Alternatively, you can also consider deploying Azure Firewall in a centralized manner, which means deploying it in one of the hubs and then routing all traffic through it using User-Defined Routes (UDRs). This approach can help to simplify management and reduce costs, but it may not be suitable if you have specific compliance or regulatory requirements that mandate traffic to be routed locally.
Please mark if my answer is helpful :-)