For the core functionality of authentication the connection is performed from the connector to the Auth0 service which means that technically the machine where the connector is installed does not even need to accept inbound connections and only has to white list the outbound connection to the service.
In relation to the second question, yes, technically you can use any combination of the supported connections.