You can use NMAP to determine open ports and other sensitive information, such as footprinting (remote OS detection) and whether or not the remote host is just trying to "filter" the ports. NMAP would be great for scanning systems that have ICMP firewalls (specifically trying to block pings.)
Once you have a firewall setup and would like to take it further than a simple NMAP scan, I would recommend using Nessus, which is a state of the art/high-speed vulnerability scanner - http://www.nessus.org/
- It won't just find the open ports and report them, but it will find holes in the firewall as well. Which can come in handy.
There are many comapanies that will scan/test your firewall for you (such as unspecificconsulting.com, though I'm not sure of their present status).