In 2015 when 2.1.5 was trialed selected and deployed against the "then" most current version 2.2.2, the latter was scrapped because:
Carp + Lagg was broken. It only worked in LACP or Failover.
LACP was broken. All communication between interfaces failed. Firewall rules were ignored.
Hence, Carp + lagg + failover was the only working combination, providing very little bandwidth for the required needs.
Limiters didn't work
Deep packet inspection didn't work.
If, at the time I followed everybody recommendation to migrate from 2.1.5 to 2.2.2 under the presumption that tens of thousands already did it, I would not be here today. Pfsense would have stopped communicating entirely with the switches, all firewall rules would have stopped working. The company would have stop.
Next year I will trial new versions with due process (lab testing).
Ftp connections are active but are not ftps or ftpes. Problem was (luckily) quickly solved at the application level. Thanks for the support though.