Port scanning....
Firewalls are not a security panacea. There are ways to circumvate a firewall. Most stock public tools are not suited to the task (with the possible excetption of tools like hping2 and firewalk).
nmap has some advanced scan types that can confuse older firewalls, especially if they don't keep state. try -sA -sF or -sX. They are ACK scanning, FIN scanning and XMAS scanning, repesictivley. nmap also supports packet fragmentation via -f, which can sometimes get through older firewalls.
firewalk is kind of like traceroute. it can usually scan beyond firewalls, however it requires specific conditions to use. You also must know a host at least 1 hop beyond the target gateway/router firewall.
hping2 lets you craft packets. It is usually the most useful tool for this type of work. the options are numerous, so i suggest that you read the man pages.
if you really want to break through firewalls, learn Perl or C. then you can code your won very powerful custom attack scripts/programs.
GL