Questions on memory allocations for sys-qubes

If you are trying to save memory, Fedora minimal may be a better option, in my limited experience. I originally built sys-qubes with Debian minimal (Debian is my preference) but when I built equivalent qubes using Fedora minimal, these used slightly less memory. The starting values are educated guesses but you need to consider the fact that reducing the startup memory may lead to paging/swapping and that may not be a good thing for your SSD in the long term. In order to see what works for you, I would start with some value, run some load and see the memory footprint, both in memory and in swap. You can also reduce swappiness to 1 (or even 0, if you don’t mind the occasional OOM killer triggering at some point) to reduce the wear on your SSD (assuming you use an SSD).

Sys-net needs to have access to hardware, so it runs HVM, which does not support ballooning/balancing. The same applies to sys-usb. Sys-firewall, on the other hand, is a standard PVH, so balancing works well with it.

No, your analysis about the effect of the memory limits in those two VMs when they are connected in series is not correct. The use of memory is very different. Most of the activity that sys-net does happens in kernel space and usually memory utilization doesn’t increase much under heavy traffic (the exception being when you use sys-net for Dom0 updates too). Sys-firewall, on the other hand, could be running proxies or other user space services that take additional memory, but 4,000MB is still a very generous amount and that memory is usually never used and is reclaimed by Qubes if there is memory pressure somewhere else.

But if you want to really save memory, you can replace sys-firewall with the mirage firewall instead, and only use 64MB in that sys-firewall qube, as described here: https://github.com/mirage/qubes-mirage-firewall

I hope this helps.

4 Likes
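
An added example, not part of the original post: one way to do the "run some load and see the memory footprint, both in memory and in swap" step from inside a qube, by sampling `/proc/meminfo` and keeping the peak values. The function names `mem_footprint` and `peak_footprint` are hypothetical, and the sample figures are constructed so the script runs anywhere.

```shell
#!/bin/sh
# Print "<used MiB> <swap used MiB>" for a meminfo-format file
# (default: the live /proc/meminfo of the qube this runs in).
# "Used" is MemTotal - MemAvailable, so reclaimable page cache is not counted.
mem_footprint() {
    awk '
        $1 == "MemTotal:"     { total = $2 }
        $1 == "MemAvailable:" { avail = $2 }
        $1 == "SwapTotal:"    { stotal = $2 }
        $1 == "SwapFree:"     { sfree = $2 }
        END { printf "%d %d\n", (total - avail) / 1024, (stotal - sfree) / 1024 }
    ' "${1:-/proc/meminfo}"
}

# Sample COUNT times, INTERVAL seconds apart, and print the peak
# "<used MiB> <swap used MiB>". Run it while the qube is under its usual load.
peak_footprint() {
    count=$1 interval=$2 src=${3:-/proc/meminfo}
    peak_mem=0 peak_swap=0 i=0
    while [ "$i" -lt "$count" ]; do
        # Intentional word splitting: $1 = used MiB, $2 = swap used MiB.
        set -- $(mem_footprint "$src")
        if [ "$1" -gt "$peak_mem" ]; then peak_mem=$1; fi
        if [ "$2" -gt "$peak_swap" ]; then peak_swap=$2; fi
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
    echo "$peak_mem $peak_swap"
}

# Constructed sample (not real measurements) for a small service qube.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MemTotal:         400000 kB
MemFree:           20000 kB
MemAvailable:     150000 kB
SwapTotal:       1048572 kB
SwapFree:         946172 kB
EOF
echo "sample peak (MiB used, MiB swapped): $(peak_footprint 2 0 "$sample")"

# On a live qube: peak_footprint 60 5     (five minutes of samples)
# Current swappiness:  cat /proc/sys/vm/swappiness
# Lower it (as root):  sysctl -w vm.swappiness=1
```

A peak swap figure that keeps growing under normal load suggests the startup memory is set too low for that qube.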