Hi Tom,
I really would not recommend relying on .jdb's as a permanent solution. JDB's contain traditional AV definitions, but that is all. There's no IPS definitions, updates for the heuristic components, etc is a .JDB. That means you'll realy be using outdated components or jst AV alone, which is liek fighting with one arm tied behind your back.
It is possible to download all the SEPM definitions types using LiveUpdate Administrator 2.x, then copy them over to the isolated network via USB. The SEPM can be configured to run and retrieve those updates from a location on the isolated network. Here's an article with more info:
Updating downloads in an internal LiveUpdate Administrator 2.x Server using the downloads from an external LiveUpdate Server
Article: TECH106254
Article URL http://www.symantec.com/docs/TECH106254
This solution does require establishing a LUA server on an internet-facing machine, but will result in much more comprehensive protection for all the clients on that isolated network.
Hope this helps!