Firewall behavior issue with FTP

I have an external phone, meaning a phone connected via the internet to the PBX. The phone pulls its config via FTP. The phone is on a connection that does not have a static IP address. So here is the problem we are having:

We set the FTP service in the firewall to external.
We set the WAN NIC to be external.
The phone is unable to pull its config until we either turn off the firewall or we add the IP address of the phone to the zones network list, which of course works for a while until the IP address changes.

There has to be a way to allow FTP through the firewall without whitelisting the IP of the phone, but we can’t find it. Can someone point us in the right direction?