Try nmap scanner from
http://www.insecure.org/nmap
There is command line scanner, nmap, and a gui interface, nmapfe.
You may need to get a 2nd internet connection, modem eg. to scan the firewall directly, and have some fun!! It's a brilliant tool to start with.
I have mine loaded into a remote machine and ssh to it for scans when I make changes to firewalls.
Rgds.