I have an FTTH GPON connection as well with a bridged ONT (simple media converter).
The problem with manual port forwarding is you need to bind each device in your home with a static IP and then you need to manually add port forwarding rules for each of the ports you require, each protocol, each static IP, service etc.
If you’re a fairly advanced sysadmin in your home, I suggest you use UPnP.
I have been malware/virus free on all my systems for over 10 years and have been using UPnP for just as long, I never had any botnets/malware/attacks going through UPnP.
However, one problem still remains: Misbehaving applications. Many applications require port forwarding but do not make use of UPnP like Epic Games Launcher or Fortnite, in such case you can manually add port forwarding rules for a few such applications in your systems.
I am assuming you are not behind a CGNAT/NAT64 ISP as this suggested you to check: https://forum.mikrotik.com/viewtopic.php?f=13&t=163109&p=803876#p803875
If you’re behind CGNAT/NAT64, kiss bye-bye to port forwarding.