TLS/SSL for authentication is ok. FTP is not an encrypted protocol, neither is telnet. The internet gateway could serve as an TLS/SSL proxy if the client accepted the non encrypted certificate from the gateway.

To actually see what's happening you should use wireshark to see the actual packets.

Aaron - KJ7TXR

Pictures: What is a SSL Proxy? Definition & Related FAQs | Avi Networks