Hi Kitaab,
This design is supported, by default, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol to obtain updates from Microsoft. If there is a corporate
firewall between your network and the Internet, you will have to open these ports on the server that communicates directly to Microsoft Update.
There are two ways to link WSUS servers together:
Autonomous mode: An upstream WSUS server shares updates with its downstream server or servers during synchronization, but not update approval status or computer group information.
Downstream WSUS servers must be administered separately. Autonomous servers can also synchronize updates for a set of languages that is a subset of the set synchronized by their upstream server.
Replica mode: An upstream WSUS server shares updates, approval status, and computer groups with its downstream server or servers. Downstream replica servers inherit update approvals
and cannot be administered apart from their upstream WSUS server.
More details please refer the following KB:
Choose a Type of WSUS Deployment
https://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx
Configure and Manage Replica Servers
https://technet.microsoft.com/en-us/library/dd939885(v=ws.10).aspx
Im glad to be of help to you!