Another method for bypassing firewall restrictions while doing a port scan is by spoofing the MAC address of your host.This technique can be very effective especially if there is a MAC filtering rule to allow only traffic from certain MAC addresses so you will need to discover which MAC address you need to set in order to obtain results.
Specifically the spoof-mac option gives you the ability to choose a MAC address from a specific vendor,to choose a random MAC address or to set a specific MAC address of your choice.
Another advantage of MAC address spoofing is that you make your scan more stealthier because your real MAC address it will not appear on the firewall log files.
Specify MAC address from a Vendor -> spoof-mac Dell/Apple/3Com
Generate a random MAC address -> spoof-mac 0
Specify your own MAC address -> spoof-mac 00:01:02:25:56:AE