My experience is mostly SEP 11, with a little SEP 12.1
1. The GUP must have the same Liveupdate policy as the clients it serves.
2. The GUP can be in a different Group, providing it uses the same Liveupdate policy as its clients (as 1. above). eg, we successfully use servers (in a Servers Group) as GUPs, while the desktops, laptops and workstations which use the GUP are in a different group with its own firewall and AV policies, but a shared Liveupdate policy
3. We used to use Liveupdate servers with early SEP 11 clients before the GUP was scaled to our needs, but we have now moved completely to GUPs, serving groups in some instances of 3000+ clients. I think if the policy states "use default management server" and "use Liveupdate server", it will use the management server on its heartbeat, and the Liveupdate on a schedule. (we use only the management server so I have not fully investigated). We have "do not allow clients to bypass GUP", so only the GUP talks to the management server, and all clients go to the GUP.