If you’re adding a NAT port for any additional services besides HTTP/HTTPS or SSH traffic, additional ports have to be ‘allow listed’ under:

Group -> Devices -> Gateways ->Security -> Advanced -> ACL Allowlist

For ports using TCP, set protocol 6, and for UDP ports, use protocol 17 when adding additional rules.

This must be done in addition to modifying the WAN uplink policy with your destination NAT ACL.