You will not be able to use 1 server to match all of the requirements.
The Network Monitor
must be a standalone server for 2 reasons:
1) The server has a lot of work to do regarding to the analysis of every packet travelling inside the network.
2) The server is inside the corporate network while the Prevent Mail & Web are designated to be on the DMZ, it would be a security risk applying Network Monitor and the Prevent servers.
About the detection servers:
The prevent servers could be together when using Symantec DLP 10 and it
will be supported.
Symantec
does not support the use of 2 Detection server's upon a single server in version 9
as far as i recall.