Here is how the ftp connection works and what the ALG does.
Standard FTP
The client makes the connection to the server on fixed port 21.
The policy on the firewall is for service ftp and application of none. Since this is the standard port the ALG will be active.
The server tells the client that it will use port 1024 for the data channel and opens this connection from server to the client.
The ALG sees that the client and server are communicating in ftp and permits this specific connection from the server to the client. This occurs even though the port is different from the original connection on port 21 and the direction is the opposite. The ALG knows that this is how active FTP is supposed to work.
Custom Port FTP
The server is configured to run an ftp server using port 2020 as the control port instead of port 21.
The client initiates an ftp session on the custom port of 2020.
The policy on the firewall is set to the custom service of tcp 2020 and the application is set to ftp.
The server tells the client it will use port 5001 for the data channel and initiates a connection from the server to the client on this port.
The ALG knows this server-to-client communication is part of the ftp session and permits it. If the application were set to none, the ALG would NOT permit the return connection, because the ALG only recognizes port 21 as standard FTP; custom ports must be called to the ALG's attention for it to kick in and permit the traffic.
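As an added illustration (not from the original post or any vendor's firewall code), here is a small constructed model of the ALG decision described above: it inspects the control channel only when the policy's destination port is 21 or the application is set to ftp, decodes the announced data endpoint from the h1,h2,h3,h4,p1,p2 form, and opens a one-time pinhole for that data connection. It assumes the data port is announced by a PORT command (active mode) or a 227 reply (passive mode), and it also refuses a PORT that points at a host other than the client, a check a practitioner would expect an ALG to make.

```python
import re
from dataclasses import dataclass, field

# Constructed model of the ALG decision described above; not vendor firewall code.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_endpoint(match):
    """Turn the h1,h2,h3,h4,p1,p2 form into (host, port); port = p1*256 + p2."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in match.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

@dataclass
class FtpAlg:
    policy_port: int            # destination port the firewall policy matches
    application: str = "none"   # "ftp" makes the ALG inspect a custom port
    pinholes: set = field(default_factory=set)

    def inspects(self, control_dst_port):
        # ALG is active on well-known port 21, or when the policy names the app.
        if control_dst_port != self.policy_port:
            return False
        return control_dst_port == 21 or self.application == "ftp"

    def control_message(self, control_dst_port, client_ip, line):
        """Inspect one control-channel line; open a pinhole for the announced endpoint."""
        if not self.inspects(control_dst_port):
            return None
        match = PORT_RE.match(line)
        if match:
            host, port = decode_endpoint(match)
            if host != client_ip:   # a PORT must point back at the client itself
                return None
        else:
            match = PASV_RE.match(line)
            if not match:
                return None
            host, port = decode_endpoint(match)
        self.pinholes.add((host, port))
        return host, port

    def allow_data(self, dst_host, dst_port):
        """Permit a data connection only if a pinhole exists; each pinhole is single-use."""
        key = (dst_host, dst_port)
        if key in self.pinholes:
            self.pinholes.discard(key)
            return True
        return False

def scenario(policy_port, application, control_port, line, data_dst, client_ip="10.0.0.5"):
    """Run one policy/control-line/data-connection scenario; returns True if permitted."""
    alg = FtpAlg(policy_port, application)
    alg.control_message(control_port, client_ip, line)
    return alg.allow_data(*data_dst)
```

With the constructed client address 10.0.0.5, `scenario(21, "none", 21, "PORT 10,0,0,5,4,0", ("10.0.0.5", 1024))` permits the data connection, `scenario(2020, "ftp", 2020, "PORT 10,0,0,5,19,137", ("10.0.0.5", 5001))` permits it too, and the same custom-port case with application "none" is denied.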