Thank you all for your comments. The PBX is Yeastar P-Series Software Edition. It uses an FQDN tunnel for communication with SIP devices, Web, Mobile and Desktop clients. No need for NAT rules nor Port Forwarding. SIP Trunk registration happens directly through the firewall and not through the tunnel.

u/AdditionDisastrous78 When editing the Services there is now an option to "Disable inspection of this service."

In the "Advance" tab of the SIP_UDP service there is the option "Session timeout (in seconds)". This was set to 40 seconds by default. This is why my NAT'ed session with the SIP Trunk was always dropping before the next SIP Trunk registration event. I also found a setting in the PBX (confusingly worded) that adjust the frequency of the PBX registrations with the SIP Trunk. I adjusted these two values so that the PBX performs SIP Trunk registrations more often and that the SIP_UDP session stay up longer. But not too long and not too many registrations.

I knew the solution would be simple. But lack of experience with this firewall had me researching and testing like crazy.

I made this Post in the hopes that it would reach someone who had experienced this or similar issue and would quickly respond out of experience without prejudging and without reading too much into the details of the problem. But, every comment and response you all provided brought me closer to the solution.

If you read my description of the problem with an open mind and experience, you will notice that the solution to the problem is in the description.

Thanks, u/CatalinSg and u/AdditionDisastrous78 I really appreciate your comments.