Coturn behind NAT, correct firewall setting for a range of ports #1471

Open
Sirpion opened this issue Apr 9, 2024 · 0 comments

Sirpion commented Apr 9, 2024

Many recommendations say that for Coturn to work correctly, it is necessary to allow connections to the following ports (49152-65535) on the public IP address.

But there is information that Coturn (+SFU) can work with one public open port:

https://nextcloud-talk.readthedocs.io/en/latest/TURN/

The High Performance Backend uses a certain range of ports for WebRTC media connections (20000-40000 by default). A client could be behind a restrictive firewall that only allows connections to port 443, so even if the High Performance Backend is publicly accessible the client would need to connect to a TURN server in port 443, and the TURN server will then relay the packets to the 20000-40000 range in the High Performance Backend.

https://doc.quobis.com/ga/_downloads/d12076cb1871bf381f1caaa831da2a3e/sippo-wac-admin-guide-v4.1.pdf

| ORIGIN | ORIGIN PORT | DEST SERVICE | DEST PORT | PROTOCOL | DESCRIPTION | REQUIRED |
|---|---|---|---|---|---|---|
| ucclient | n/a | turn-server | 443 | TCP | Media traffic | Yes |
| turn-server | n/a | sfu | 10000-18000 | UDP | Internal media traffic | Yes |

Visualization of the required operating mode:
https://www.twilio.com/docs/video/networking-considerations#2-udp-traffic-blocked-on-ports-10000---60000-but-allowed-on-port-3478

1. Will a scheme with one open port (for example, 3478) for external access (incoming connections) to the Coturn public IP address work?
2. If yes, can you provide a link to an example working configuration with one port allowed (+SFU)?
