uPNP is not something that can be allowed through the firewall. As it is inherently insecure, you would need to do 1-to-1 NAT to get the full capabilities of the Xbox/PS platforms. Without the 1-to-1 NAT, you'll still be able to get online to download updates or new games, browse the respective marketplaces, etc., but you won't be able to host a multiplayer game (unless something has changed in the last couple years that I'm not current on).
There's an article about it if you want to take a look:
https://live.paloaltonetworks.com/t5/Management-Articles/Palo-Alto-Networks-Firewalls-gaming-consoles-xbox-Playstation/ta-p/54848
Cheers,
Greg
... View more