I guess it depends on what is sat at the other side of the firewall Eric. If there is a webserver for instance, then at least one port will be forwarded through the routers firewall and as such it makes sense to add a layer of security against 'drive-by' hackers. In my own case, I have to run fail2ban for my little 3 page site.
Quite why the HG612 should not like the firewall I have no idea, although to me it would make sense to use the ECI if it does not exhibit this behaviour.
To get to the bottom of it, I'd be putting Wireshark on the firewall and monitoring all the traffic on the incoming NIC with each modem connected in turn.