Repo for third-party team to work and sync their changes

I need to set up a Gitlab repository for third-party team in separate VPN and get their changes in our on-prem gitlab instance.
Can some please help me with below queries, if already came across ?
• Which, inbound or outbound ports to get opened for 3rdparty repo mirror sync
• Whether its TCP or UDP
• PlanA: Local on-prem Gitlab instance <-> Gitlab.com (mirror)
• PlanB: Local on-prem Gitlab instance <-> Another local on-prem Gitlab instance
• pros and cons b/n A and B
• Licensing costs or changes
Thank you.