Ipswitch recommends sites adhere to the following recommended configuration. This "passive, implicit" setup has been shown to be the most problem-free of any FTPS configuration at a number of large MOVEit sites.
MOVEit DMZ FTP Server
Enable Require Passive Mode
Set Explicit Port to 21
Set Implicit Port to 990
Restrict Passive Ports on 3000 to 3003 (or some other range)
IPSec Policy (FTP Rule Filters)
Allow TCP from AnyIP, AnyPort to MyIP, Port 21
Allow TCP from AnyIP, AnyPort to MyIP, Port 990
Allow TCP from AnyIP, AnyPort to MyIP, Port 3000
Allow TCP from AnyIP, AnyPort to MyIP, Port 3001
Allow TCP from AnyIP, AnyPort to MyIP, Port 3002
Allow TCP from AnyIP, AnyPort to MyIP, Port 3003
Firewall Rules
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 21
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 990
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3000
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3001
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3002
Allow TCP from AnyIP, AnyPort to MOVEitDMZ, Port 3003
Client Configuration
Passive Transfer Mode (a.k.a. "Firewall Friendly")