I think I know what is going on here.
Because the server is on your DMZ, you probably can't reach through port 80 to reach the package server (The HTTP source location) and NetBIOS broadcasts are also likely blocked, thus preventing the UNC path from working.
The problem is that the programmers at Altiris, and then at Symantec didn't consider using non-domain machines when they were programming the system, and so the server doesn't hand out IP addresses or FQDNs of the site servers to the agents when not using a web-based site server. In your case you have the webserver, but the DMZ is likely blocking port 80, making it inaccessible.
You can either unblock port 80 through your DMZ (unwise), or set a static HOSTS/LMHOSTS entry to allow for UNC path browsing. (clunky, but works.)
I already have a suggestion in to improve the Altiris Agent such that it allows one to MANUALLY add in a list of alternate site server locations, inlcuding IP address, and then have the agent round-robin them until it gets a response. (really helpful for web-based updating of remote agents) You can find that idea here: https://www-secure.symantec.com/connect/idea/preferred-servers-proxy-round-robin-offsite-patching Please give it a vote if you like it.