To enable Unified Threat Reporting, create a database that includes malware scanning and sandboxing results from the Symantec Content Analysis and Malware Analysis appliances that are deployed as part of your Symantec security solution
Because the upload client (FTP server) is configured on the Proxy, the CAS appliance would have to communicate through the Proxy, to access the upload client and to talk to the Reporer. This is reflected in the recommended topology diagram shown below.
Howbeit, if the Reporter is the configured upload client, on the Proxy, then CAS will send the logs directly to the Reporter, still using FTP.