I have encountered thisscenario in the past with stand-alone Domains.
- In the end we set up a daily FTP download of the McAfee site ftp.nai.com\commonupdater to a secure location,
- then had a process to copy this to CD
- Placed the CD the ePO server in the Stand-alone Domain, where we then set up the CD location as a Source Site for the ePO server.....
- you might have to do a Regedit on the ePO server (support.microsoft.com/kb/896861)
This process allowed us to hold back the DATS for 24hrs so not as to fall foul of False +ves etc.
Very Manual, I know but the only 'safe' way we could find to do it.
As long as there is a location that all the servers can see, then this is possible. The way to do this would be as follows:
Let's call the server with the internet connection Server A and the one without an internet connection Server B.
On server A, configure a UNC distributed repository in a location that server B can access. (It can be on Server A itself, if necessary.)
Configure this repository so that it only contains content like DATs, engines, and so on - do NOT include things like agents - and schedule a replication task to populate it.
Export Server A's public repository key (from Server Settings/Security Keys) and import it into Server B.
On Server B, configure a source site that points to the distributed repository.
That should do it