Scan a device behind the firewall

Finding the vulnerability of a device that is being projected by the latest firewall
I tried to scan the device, but it was shown offline.
Are they really offline or are they not allowed to reach the device because the firewall is in between?