Just to clarify, but configuration of AGENT (in ESET Management Agent policy) and configuration of HTTP proxy in policy for security product (i.e. ESET Endpoint Security for Windows) are completely unrelated, and each of them configure only specific product it is targeting.
Regarding settings, both of policies (Agent vs. other products) are using the same principle: there is possibility to configure one HTTP proxy for all communication (this one is mostly called global), and there is possibility to override this setting for specific services or communication types. In case of ESET Management Agent, you can use different configuration for communication with ESET infrastructure, through internet, and different HTTP proxy (or not at all) for communication between Agent and ERA/ESMC Server.
This is hard to answer, but it definitely depends on infrastructure. For example there are customers, that has very weak connection between AGENT and ESMC Server (i.e. some kind of VPN between company branches) and installation or download through this link would be killing internal network - also it would mean that ESMC has to be transformed into high-grade HTTP server. There is also alternative to use one HTTP proxy hosted side-by-side ESMC Server which should partially resolve this issue, but it is not enforced.
For security products we recommend configuring the proxy server under Tools -> Proxy server (global settings). Unlike the settings in the Updates section, the global settings are also used for activation, LiveGrid communication, etc.
The proxy settings in the Updates section are useful if a device connects to different networks with different proxy servers, however, they are not used for communicating with other than update servers and repository in case of program updates.
In case of agent, if you use "Different proxy per service" setting, you can configure a different proxy server for communication with the ESMC server and with other servers (repository, update servers).