Dear,
FTP was created exclusively for the purpose of transferring files, the great advantage of this protocol over HTTP is the possibility of "double-handed" transfer without development, natively, if you are in doubt about the 2 I believe your need is to make the files available and your clients will only download without uploading.
For security purposes, the two are similar, eg with respect to the man-in-the-middle attacks, the two will perform similarly, since the transfer is essentially plain text (non-encrypted) in the 2 cases and can be easily intercepted, which can be circumvented with sFTP (ssh) as mentioned by @Miguel or with FTPS (SSL).
I believe that in 99% of cases what dictates the technology to be used is the final need, thus:
If you only need to send files, and these files are not sensitive (non-confidential) I would undoubtedly opt for HTTP for the reason you specified, there are no problems with clients' firewall.
If your data is confidential, you would choose sFTP (ssh) or FTPS (SSL), properly configured (anonymous user disabled, strong passwords, etc.).
In addition to these options there is also a middle ground, which is to use a secure file exchange platform over HTTPS, recently deployed a client and has fully attended: link