If the clients are behind the firewall and active FTP is being used it will require to have the FTP inspection enabled.
You can confirm if this is enabled with the command show run policy-map.
Can you provide the output from the command show service-policy if you have the inspection enabled.
If the connections are being established you can setup a capture with a circular buffer and confirm what happens at the end of the communication and analyse it with a packet sniffer.
here is the show run-policy
Policy-map type inspect dns preset_dns_map
message-length maximum client auto
message-length maximum 512
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
The inspection is enabled. Now as I recommended before you may setup captures on the firewall to analyze the traffic and be able to determine the reason for the failure.
Can you confirm what is the problem. Are the connections failing to be established ? Are the connections dropping after a while?
You can run your test and gather the show service policy prior and after and confirm if there are drops related to the FTP inspection and if the counter increases.