Here are steps I have taken to enable UPnP for my Xbox.
1) Install os-upnp plugin.
Under System -> Firmware -> Plugins, look for os-upnp and install this plugin if you haven't already done so.
2) Give your XBox a static IP.
You can either do this by manually assigning an IP to your XBox, or by using reserved IP option.
3) Enable UPnP Service
Under Services -> Universal Plug and Play, enable options as shown in the diagram below. Use the IP you set in (2) for the masked part.
4) Create an Aliases for devices intending to use UPnP
Under Firewall -> Aliases, create an alias as below. In the content box, enter the IPs of devices which are intending to use the UPnP service.
6) Add the manual rule for port forward
Under Firewall -> NAT -> Outbound, add a manual rule similar as shown in the diagram.
With the setup above, your Xbox should show its NAT state as Open. (you may need to reboot your XBox)
The above tutorial is based on an article I found at:
https://www.tweaking4all.com/network-internet/pfsense-strict-nat-xbox-one/
Hope you find this useful.
