You can technically get a firewall capable of inspecting certain encrypted traffic (anything using SSL/TLS and going over the right ports). A $500 model would probably not do it well enough, and if you did find one that could then you'd have to pay the subscription fee to keep using it (and usually to get firmware updates). And depending on your Internet service and how fast your Wi-Fi devices are, pay even more to get one that could do it without reducing throughput of those connections. A tabletop device that can do 2.5Gbps pure throughput may be reduced to 300Mbps doing inspection and still cost over $1000 with just one year of the feature subscription; a rackmount unit capable of 6Gbps still might still not manage 1Gbps with inspection and cost $4000. And you'd need to install the SSL certificate from the firewall on all the devices to allow it to act as "man in the middle" in order to be able to do the inspection without triggering warnings in the browsers/apps.
The main purpose of these firewalls and the additional features over a basic router is not keeping outsiders from getting in. It's keeping YOUR devices from doing bad things, or accessing bad servers, through intrusion prevention, data loss prevention, malware scanning both in and out for web and email traffic, website filtering, geo-location, etc. Some of those are considered "basic" features that you can always have enabled while others are part of subscription packages for "full security". Now that nearly every website uses HTTPS and browsers are often set to block unencrypted sites by default (or at least warn the user), many of the features are much less useful without the higher level services and using deep packet inspection, and if they're using any other kind of encryption than TLS for the data then there's no way your firewall can detect or scan the content, even if you knew which ports to monitor. The vendors know that if you're concerned about that sort of thing you're probably running a big network and are going to be willing to drop a wad of cash every year to get whatever protection you can.
If you were running any kind of servers inside your network, so that you were using port forwarding or even routing a public subnet, then the firewall's features would also be able to protect from some inbound attacks on those ports while still passing legitimate inbound connections. Most of them also provide a VPN server and their proprietary client, or an open server with which you can use any client, so that you don't have to run that on a system behind your router and provide an attack surface.