NAT & firewalls only stop unsolicited requests from the outside world. It's entirely possible to install malware, viruses, trojans… when behind a router; other devices on that same network can also be compromised and can look for new targets on the same network. Once inside the network, malware can reach out onto the internet and the router/firewall becomes irrelevant (they usually all allow traffic out, so incoming requests are no longer unsolicited).
I think this is the reason why the most recent malware for Macs has been in the form of trojans hidden inside legitimate installers (or pirated copies of legitimate apps).
Rapport appears to be an antivirus/malware scanner that focuses on stopping financial service attacks. It also claims to stop phishing attacks. I'm not clear on how this is different to any other regular AV scanner (like ClamAV - a.k.a. ClamXav for Mac) and using a site with correct https/SSL setup. It also checks for known flaws that haven't been fixed (zero-day exploits), which is something that ClamXav doesn't do.
Personally I don't like services that force software onto your machine just to complete one task, especially when it's web based anyway.
If you are paranoid, you could create an OS installation just for banking tasks. On a removable disk, install a clean OS X and install verified software updates from Apple…
http://support.apple.com/kb/HT5044
An 8GB memory stick should be enough for >10.7, but it will run slower than normal due to the lower read/write speeds. Older OSes need a bit more space IIRC.
Optionally install ClamXav or another scanner & enable all the security features you can - don't run as admin, disable opening downloads, enable the built-in firewall, enable secure virtual memory, even use FileVault if you want to protect the disk when not booted.
You could even install Rapport if you think it's necessary & safe.
Only use the 'clean system' for your banking tasks.
Linux Live CDs are ideal for this, so long as you verify the checksums of the source (so it hasn't been tampered with) and can work out how to open a browser in Linux. It's easier to grab a new installer as updates come out too.
It seems the bad guys are trying to exploit Rapport too…
https://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/
P.S.
It's probably worth checking the banking site uses SSL with Extended Validation (EV) and isn't being tampered with along the way.
https://www.grc.com/fingerprints.htm <- Steve Gibson checks & explains it all.
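The checksum verification mentioned in the post for a Live CD image, as an added example that is not part of the original post: it looks up the image's entry in a published checksum list and compares it with the digest of the downloaded file. The names `SHA256SUMS`, `live.iso`, `sha256_of` and `verify_image` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded image against a published SHA256SUMS list.
# Function and file names are hypothetical.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'    # macOS ships shasum
    fi
}

# verify_image IMAGE SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input or the list entry is missing.
verify_image() {
    image=$1
    sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename "$image")
    # List lines look like "<hex>  name" or "<hex> *name" (binary-mode marker).
    # File names containing spaces are not handled here.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; return 2; }
    actual=$(sha256_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage when run as a script: ./verify.sh live.iso SHA256SUMS
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

The comparison only means something if the checksum list comes from a source that could not be altered along with the image, such as the distribution's own HTTPS site or a signed checksum file.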
Re:co