I have actually completely redone my network configuration. I run 4 VLANs now, LAN, GAMING, IOT, and DMZ. UPnP is only allowed on LAN and GAMING (soon to remove from LAN). It’s still a bit strange how it behaves, but at least I’m getting some UPnP action and Moderate/Open NAT for most things. I’m happy with how it’s performing, yet I’m still interested in figuring out why it doesn’t like to obey the UPnP deny entries.
