There are situations where customers will "block everything" and allow only certain URLs (for FTP for example).
For FTP this is bad because, authentication occurs in steps. So during the initial steps you need to stop cycle if Command.Name equals "PASS" command because the URL property is blank and may get blocked halting FTP from making it past the authentication steps.
Your reply was very helpful. I realized that I was directly using Authenticate.Username property without Invoking Authentication through AD first. Upon amending this discrepancy, my FTP is working fine. I am attaching the ruleset I used. This ruleset ensures that while using a native FTP client (Filezilla/ WinSCP etc.) users are able to extend the proxy authentication setting of the FTP client to grant userID based FTP access.
In case you are accessing FTP url through web browsers, this rule won't come into picture as FTP over HTTP requests would be forwarded to port 9090, and your normal forward proxy rules will apply.