Bit Defender Box 2 (vulnerability/firewall/anti virus) OR
AND/OF pfSense with SNORT (for intrusion detection) (powerful firewall)
OR Netgear Armor
https://www.netgear.com/landings/armor/default.aspx (basically bit defender)
OR Dojo. m (Not a bad firewall)
Or FingBox which has numerous reviews online, Intrusion detection and vulnerability analysis.
Norton Core router (Way overpriced)
Routers themselves aren't usually infected because the virus would have to be targeted for the hardware architecture. That doesn't mean hackers can't exploit known weaknesses in the software implementation though. What this means is once you power cycle, most hackers have to hijack your router again as it's not usually stored in non-volatile memory/ROM
By default leave all remote administration/access and UPnP off. And never ever log in from outside your network with admin credentials.
It all depends on what protection features you are after. That said I use pfSense with Snort/Darkstat and Bit Defender Box 2. I have more complex requirements than the Bit Defender Box 2 will support. But it's pretty good.
If you want all emcompassing virus protection through you'll have to pay for it. I managed to snag bit defender box 2 for $129/year which has unlimited bitdefender (android/pc/mac/iOS) licenses and protects everything on my network. But it is very limited in it's capabilities. You'll loose functionality like port forwarding, dmz, qos, etc. It's a DPI inspection firewall that also looks for klnown vulnerabilities. It's pretty braindead, but does what's it's designed for well.
But for QOS and Port Forwarding/DMZ/network monitoring, I set up a pfSense box.