Hello,
The firewalls on both Branch sides have the routes, I agree. Based on your post earlier, I understand that the Branch firewall was forwarding the pings but workstation was not responding to the pings, which seems because the workstation will not be responding to any traffic other than those to which it has a route.
NAT is not madatory for Hub and Spoke scenario. But when one Spoke side workstations/hosts dont know how to reach to other Spoke subnet, then a NAT is needed.
Thanks,
Pranita