The short answer is that FTPS and firewalls (and devices performing NAT) do not always interact well. The control connection happens on a well-known port, and has no issues; it is the data connection that poses problems for FTP-aware firewalls. In a non-FTPS session, the firewall can inspect the client's PASV or PORT command and the FTP server's responses on the control connection, and thus know on which ports/addresses the data connection will be established.
In an FTPS session, though, those control connection messages are encrypted, and so the FTP-aware firewall cannot peek. Hence, it cannot know on which ports the data connection will be established. For firewalls that are configured to always allow a certain range of ports (such as the range a server might be configured to use for passive mode), FTPS should function without issue.
To configure for passive FTP (the preferred method), see Q2: My IP address begins with 192.168.xxx.xxx. Is there anything special I have to do for people to see my FTP Server on the Internet?
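The inspection described above, sketched as an added example (not code from any FTP server or firewall product): it reads the data port from a cleartext PORT command or 227 PASV reply, and falls back to a static passive range when the control channel is unreadable. The range 50000-50100, the addresses and the sample control lines are constructed assumptions.

```python
import re

# Assumed static passive-mode range the firewall always allows (constructed value).
PASSIVE_RANGE = range(50000, 50101)

# FTP encodes the data endpoint as h1,h2,h3,h4,p1,p2 where port = p1*256 + p2.
_TUPLE = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed samples: a cleartext PASV reply, and the same moment in an FTPS
# session, where the firewall only sees a TLS application-data record.
PLAIN_PASV = b"227 Entering Passive Mode (192,168,1,10,234,96)\r\n"
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + b"\x8f" * 32


def data_endpoint(control_line: bytes):
    """Return (ip, port) announced on a cleartext control channel, else None."""
    is_pasv_reply = control_line.startswith(b"227 ")
    is_port_cmd = control_line.upper().startswith(b"PORT ")
    if not (is_pasv_reply or is_port_cmd):
        return None  # encrypted or unrelated traffic: nothing to learn
    match = _TUPLE.search(control_line)
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, do not open anything for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def firewall_allows(control_line: bytes, data_port: int) -> bool:
    """Model an FTP-aware firewall deciding on an incoming data connection."""
    endpoint = data_endpoint(control_line)
    if endpoint is not None and endpoint[1] == data_port:
        return True  # dynamic pinhole learned by inspecting the control channel
    return data_port in PASSIVE_RANGE  # otherwise only the static rule applies


if __name__ == "__main__":
    print(data_endpoint(PLAIN_PASV))
    print(firewall_allows(PLAIN_PASV, 60000))   # plain FTP: port learned
    print(firewall_allows(TLS_RECORD, 60000))   # FTPS: port unknown, outside range
    print(firewall_allows(TLS_RECORD, 50050))   # FTPS: inside static passive range
```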