Mine's set to medium, but I seem to be able to connect out to a service running on ports 2087 & 2083 (cPanel server control panel login), which aren't listed as allowed.
Thats because its outgoing to incoming the SH1 did both outgoing to incoming and incoming to outgoing but many complained so SH2 and SH2ac just does incoming to outgoing which people still complain because the so called firewall overrides port forwarding and DMZ so people wanting ports outside the High & Medium can't have it on High & Medium.
NAT without port forwarding and DMZ drops incoming to outgoing with the firewall set to off or low anyway....so really the firewall on the super hub in router mode not being configurable is pointless.
I'd just like to know that the firewall is doing its job really. On medium, I'd expect all ports but those detailed in the post I linked to to be blocked. So how come I can open a browser session on port 8023? That suggests to me that I can't rely on the firewall to do what I'd expect.