If the host I want to scan is the other side of a firewall, I could configure the firewall to allow the scan traffic, or perhaps set up a VPN.
But if I am going to perform a credentialed scan, I can just open up one or two ports to the scanner to allow it through to log into the host.
It can run netstat instead of testing every port, and in theory it could most likely connect to ports internally instead of externally if it wanted to.
So in this case, will the scanner have everything it needs to perform all its checks? Or are there vulnerability checks that only work from outside the host?
I can see that I might loose some 'info' such as traceroute, but any vulnerability checks?