Fortinet Community

From GUI:

-Go to System -> Feature visibility and make sure Explicit Proxy is enabled
-Go to Network -> Interface -> explicit proxy and enable Explicit FTP proxy

Then select the interface in which FortiGate needs to listen for ftp proxy, select desired port number.

From CLI:

#config ftp-proxy explicit
    set status enable
    set incoming-port 8021
end

On listening interface make sure explicit proxy is enabled.

#config system interface
    edit "port10"
        set vdom "root"
        set ip 10.120.0.61 255.255.252.0
        set allowaccess ping https ssh http
        set type physical
        set explicit-ftp-proxy enable
        set sbnmp-index 12
    next

end

Configure proxy policy to wan interface and enable proxy service as ftp.

#config firewall proxy-policy
    edit 1
        set uuid dl8ec384-b98f-51e9-31de-dl0439a57987
        set proxy ftp
        set dstfintf "port9"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
    next

Configuration from FTP client:

Logs from ftp client.

STATUS>    Connecting to 'speedtest.tele2.net' on port 21 through proxy "10.120.0.61" on port 8021.
STATUS>    Connecting to '10.120.0.61' on port 8021.
STATUS>    Connected to '10.120.0.61' on port 8021 from 10.120.0.174:50658.

COMMAND:

-USER: anonymous@speedtest.tele2.net.
-Provide password information according to the following format: [[proxy-passwd:[proxy-token:]]remote_passwd.   
 
Note that if a proxy-user is used as part of the user-name, provide a proxy-passwd as part of the password.
Furthermore, proxy-token can only be provided in the password if proxy-user has been provided.

COMMAND:

PASS  ****
Login successful.
STATUS>    Login successful.

CLI debug on Fortigate:

#diagnose wad debug enable level info
#diagnose wad debug enable category ftp
#diagnose debug enable