Another option is to use the Third Party Distribution method as detailed in the below articles. These describe how to update all definition types on SEP clients, and does not require the clients to have a local network connection, let alone an Internet connection (i.e. you can copy the defs into a folder using a USB stick and the client will process them):
For 12.1:
http://www.symantec.com/docs/HOWTO80913
For 11:
http://www.symantec.com/docs/TECH102542
How to configure unmanaged clients to use the Thrid Party Content Distribution method:
http://www.symantec.com/docs/HOWTO55199
As you can tell from the articles, this method requires a SEPM (even one with no clients talking to it), and is more complicated method than the use of internal&external LUA servers as described in my earlier post.
I'd personally still recommend using the LUA option, but don't know enough about your environment to say if this Third Party Distribution option is more appropriate.