1. Create a single point of access to the file transfer server
As long as your firewall and reverse proxy are configured correctly, no one has direct access to any of your file transfer servers; every connection has to go through the reverse proxy. You can then concentrate your monitoring on the traffic entering and leaving through the reverse proxy.
Because there is only one access point, you can concentrate access control on that single point as well. For example, instead of specifying the IP addresses allowed to connect on each server, you can create one set of IP access rules on the reverse proxy. If a user tries to connect from an unauthorized IP address, the reverse proxy can terminate the attempt immediately.
Most user credentials are stored only on the file transfer server itself. Therefore, if your file transfer servers are located in the DMZ, those credentials can be easily obtained by a determined attacker. By moving the servers to an internal network and deploying a reverse proxy to control access, you can provide better security for these credentials, and therefore for the data they protect.
With a reverse proxy, you can choose to move your DMZ-based file transfer servers to your internal network, where they will be less vulnerable to attack.
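The sketch below shows one way a single set of IP access rules at the reverse proxy can be evaluated: first match wins and anything unmatched is denied. It is an added example, not code from the original article or from any proxy product; the rule set, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed rule set using documentation address ranges (not real partners).
# Rules are checked top to bottom; the first match decides.
RULES = [
    ("deny",  "198.51.100.66/32"),  # one blocked host inside an allowed range
    ("allow", "198.51.100.0/24"),   # hypothetical trading partner, IPv4
    ("allow", "2001:db8:40::/48"),  # hypothetical trading partner, IPv6
]

# Constructed sample of peer addresses as the proxy's listener might report them.
ATTEMPTS = ["198.51.100.10", "198.51.100.66", "::ffff:198.51.100.10",
            "203.0.113.5", "2001:db8:40::7", "not-an-ip"]


def compile_rules(rules):
    """Parse CIDRs once; strict=True rejects typos such as 198.51.100.1/24."""
    return [(action, ipaddress.ip_network(cidr, strict=True))
            for action, cidr in rules]


def normalize(addr):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 rules still apply
    when the listener is dual-stack."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def decide(addr, compiled):
    """Return 'allow' or 'deny' for one peer address."""
    try:
        ip = normalize(addr)
    except ValueError:
        return "deny"  # unparseable peer address: fail closed
    for action, net in compiled:
        if ip.version == net.version and ip in net:
            return action
    return "deny"  # no rule matched: default deny


def screen(attempts, rules=RULES):
    """Evaluate every attempt against the single rule set held at the proxy."""
    compiled = compile_rules(rules)
    return {addr: decide(addr, compiled) for addr in attempts}


if __name__ == "__main__":
    for addr, verdict in screen(ATTEMPTS).items():
        print(f"{addr:24} {verdict}")
```

The more specific deny rule has to sit above the broader allow rule, because evaluation stops at the first match.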
Many de facto standards and government-enforced regulations do not allow data to be stored in highly vulnerable zones such as the DMZ. For example, PCI-DSS (Payment Card Industry Data Security Standard) explicitly requires that credit card information be stored in an internal network separated from the DMZ.