First off, there's no inate ability for a SEP client to actively search a subnet for a GUP. All SEP Clients receive a list of the GUPs (if you're using the Multiple GUP implementation) and it picks the GUP from that list that is on the same subnet. If it can't find one, then it will go to the Backup GUP or SEPM.
Also, there is no way of getting a client to do a LiveUpdate from Symantec if it cannot locate a GUP. The closest thing you're looking at is the LiveUpdate Schedule skipping options within the LU policy. These options can tell a client to do LiveUpdate from Symantec if it's defs are too old (2days?) or hasn't contacted a SEPM in a while.
This is all further complicated by the fact you have three replicating SEP Sites.
In theory, you should be able to create a single LU policy that uses the Multiple GUP option to list all your GUPs (dunno if there is a limit to the number of GUPs that can be defined). This will sort out the "Use a GUP if there is one" requirement.
The bit that complicates this is how your SEP Sites work (i.e. in the event of a SEPM failure, can the SEP Clients from Site A contact the SEPM in site B? If so, then you will also need to enable Location Awareness for your mobile clients to ensure they use the closest SEPM. Each location will have a different Management Server List to idenfiy the SEPM for that site as the highest priority.
The reason this is required is because without it, you could end up in a scenario where a client from Site A is heartbeating to the SEPM ins Site A, but contacting a GUP in Site B. In which case it'll likely fail.