I mean, don’t strong encryption and certificate-based authentication ensure complete security for an IoT device?
Not at all. (Properly used) TLS only protects the communication against sniffing and modification. Mutual authentication only authenticates the IoT device against the server. None of this protects against bugs in the implementation, improper use of TLS, bugs on the server side which can be used to hijack clients, services which are exposed on the network, backdoors in some firmware you got from a third party, compromising the device with physical access, etc.
But an embedded firewall does not protect against most of these other threats either. Whether it makes sense to use one in your specific case depends on what the device actually does, what the threats are, what the attack surface of the device is and if a specific firewall implementation reduces the attack surface – none of this is known here.
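
One way to measure the "services which are exposed on the network" part of the attack surface, as an added example that is not part of the original answer: it lists TCP listeners that are not bound to loopback. It assumes a Linux-based, little-endian device and IPv4 only; the function names are hypothetical and the `/proc/net/tcp` sample is constructed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1
   2: 0A01A8C0:C350 2A01A8C0:22B3 01 00000000:00000000 00:00000000 00000000     0        0 1203 1
"""

TCP_LISTEN = 0x0A  # socket state value for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Turn '0100007F:1F90' into (IPv4Address('127.0.0.1'), 8080)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-order 32-bit word; on a
    # little-endian CPU (assumed here) the bytes must be reversed.
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp):
    """Return [(ip, port)] for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue
        found.append(decode_addr(cols[1]))
    return found


def exposed_listeners(proc_net_tcp):
    """Listeners reachable from the network, i.e. not bound to loopback."""
    return [(str(ip), port) for ip, port in listening_sockets(proc_net_tcp)
            if not ip.is_loopback]


if __name__ == "__main__":
    # On a device, pass open("/proc/net/tcp").read() instead of the sample.
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"reachable from network: {ip}:{port}")
```

In the sample, the device holds an outbound connection to port 8883 while also listening on port 23 on all interfaces; the second is the kind of exposure that TLS on the first does nothing about.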