At least with the one online multiplayer game I have used so far (Fast RMX) the only requirement for Nintendo Switch online multiplayer is static port outbound NAT. It did not appear to require UPnP, but it's safer to enable that in case another game needs it later.

So as with the Wii U, 3DS, and other similar consoles the best course of action is:

1. Set a static IP address for the device via DHCP static mappings

Status > DHCP Leases, find the device, click + to add a mapping, set a static address, save, etc.

2. Switch to Hybrid Outbound NAT

Firewall > NAT, Outbound tab

Select Hybrid Outbound NAT, Save

3. Add Outbound NAT rule

Firewall > NAT, Outbound tab

Click +

Set the console address as the source (Type = Network, then enter the IP address, pick /32 for the CIDR)

Check Static Port

Save/Apply

4. (Optional, So far) Enable UPnP & NAT-PMP

Enable UPnP & NAT-PMP

Allow UPnP Port Mapping

Pick External (WAN) and Internal Interfaces (LAN)

Set other options as desired

Save

EDIT: My son is using the Splatoon pre-release global test fire and the online multiplayer is working fine, still only using static port outbound NAT. No UPnP.

EDIT 2020-03-31: The same settings here do work for Animal Crossing: New Horizons. If you still receive errors, it may not actually be your firewall causing them, but the remote console or something in between.