I looked in the firewall of my wireless router Hitron model CGN3ACSMR. There are four possible settings. The default setting that is already set is 'Minimum'. Please see the attachments showing all four settings with their default appearances (with no tweaks by me). Would you recommend that I select a different setting for better security or remain with the default setting 'Minimum'. Thank you
keep it at minimum. otherwise you might experience packet loss or connection issues. you wouldn't gain any extra security with medium or maximum sec.
If these settings do not provide extra security, could you please tell me the reason that these are offered by the router manufacturer?
those settings are more for network control than for security. e.g. to restrict vpn usage or torrent usage on your network, etc. it's not a "real" fw.
Thank you for your help. I am somewhat confused here. You say "it's not a "real" fw". I have read somewhere that the router firewall can be configured to make it a very strong firewall that will protect the computer from most of the known intrusions. Have I understood this wrong?
"real" fw = dedicated hw fw. routers have weak cpu's and low ram compared to dedicated hw fw devices. they're network devices, not security devices. a router, as the name suggests, is a device that routes network traffic to and from your devices and its weak cpu and low ram are barely enough to do its job. it doesn't have enough power to perform deep packet inspection and provide antivirus protection etc. that a dedicated hw fw is capable of. dedicated hw fw devices have powerful cpu's and are high on ram to perform these tasks. but a home user shouldn't need them. you're just fine with your current config.
Just to get this straight - does the router firewall not block any intrusion at all. Not even a really suspicious one?
The router blocks all connection attempts that are not an answer to a request initiated from your LAN.
it does but it's not "smart" enough to perform dpi and such. it just blocks whatever it's told to block as @Joxx noted. and this gives you the same protection you'd get from a sw fw. hence "it's not a real hw fw".
CPE provided by your ISP the settings cannot be changed, if anything you'll have minimal control. CPE ISP equipment as others stated is for connectivity. If you want security beyond what your ISP attempts to provide (which is CRAP) then you need to provide the hardware/software yourself.