The short answer is that FTPS and firewalls (and devices performing NAT) do not always interact well. The control connection happens on a well-known port, and has no issues; it is the data connection that poses problems for FTP-aware firewalls. In a non-FTPS session, the firewall can inspect the FTP server's responses on the control connection to a client's PASV or PORT command, and thus know which on which ports/addresses the data connection will be established.
In an FTPS session, though, those control connection messages are encrypted, and so the FTP-aware firewall cannot peek. Hence, it cannot know on which ports the data connection will be established. For firewalls that are configured to always allow a certain range of ports (such as might be configured using passive mode), FTPS should function without issue.
To configure for passive FTP (the preferred method), see My IP address begins with 192.168.xxx.xxx. Is there anything special I have to do for people to see my FTP Server on the Internet?