We have an MVM 3200 appliance which is placed in the DMZ network.
MVM (DMZ) <--> Firewall <--> INSIDE
Our Cisco firewall needs to open all ports (1-65535) while scanning.
Is there any mechanism to reduce the ports while scanning?
Yes, deploy scanning engines to perform the scan from within different network segments, instead of using just one all-in-one machine to try to perform all the scans.
I agree with you, but due to some limitations we cannot keep a scanning engine inside the network, so in that case we have to open all ports from the DMZ to the inside.
I'm sure you can find a Windows license to install it. Your MVM license allows you to install as many scanning engines as you want as long as the total number of scanned nodes is within your license count. The last thing you want to do is to open up all the ports for a host towards the internal network.
As stated, you could deploy a remote scanner and only utilize the needed ports (such as 443) for communication from console to remote scan engine.
The real question is what you are trying to accomplish with MVM. Are you "port knocking" on all TCP/UDP ports? Yes, then you need all 65535 open. Are you just scanning certain hosts for Windows vulnerabilities? Then you might be able to reduce the number of ports to the needed 636, 135, 445, 389, etc., needed for Windows access. Search the knowledge base and documentation and you might find the "required" ports needed for each type of OS.
There are ways to massage access groups and ACLs so that a full any:any is not required.
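As an added illustration of the advice above (this is example configuration written for this thread, not from the original posters, McAfee, or Cisco documentation), here is what "not any:any" looks like on a Cisco ASA. The interface names, object names, ACL name, and the 192.0.2.10 / 10.0.0.0/24 / 10.0.0.20 addresses are placeholders; the Windows ports are the ones named in the thread, and the RPC dynamic range is noted as something to confirm against the MVM knowledge base rather than assumed. Option A is the wide-open rule the original poster was being asked to add; option B restricts the DMZ scanner to the credentialed-Windows-check ports; option C is the remote-engine layout, where the DMZ console only needs 443 to the inside engine.

```cisco
! ---- Option A: what "open all ports" actually grants (for contrast only) ----
! access-list DMZ_IN extended permit ip object DMZ-MVM-SCANNER any
!
! ---- Shared objects (placeholder addresses) ----
object network DMZ-MVM-SCANNER
 host 192.0.2.10
object-group network INSIDE-WINDOWS-SCAN-TARGETS
 network-object 10.0.0.0 255.255.255.0
!
! ---- Option B: scanner stays in the DMZ, only Windows credentialed-scan ports ----
object-group service WINDOWS-SCAN-TCP tcp
 port-object eq 135
 port-object eq 389
 port-object eq 445
 port-object eq 636
 ! WMI-based checks also use the RPC dynamic range (49152-65535 on modern
 ! Windows); confirm in the vendor "required ports" article before adding it.
access-list DMZ_IN remark MVM: limited Windows scan access from DMZ scanner
access-list DMZ_IN extended permit tcp object DMZ-MVM-SCANNER object-group INSIDE-WINDOWS-SCAN-TARGETS object-group WINDOWS-SCAN-TCP
!
! ---- Option C: scan engine inside, console in DMZ talks to it on 443 only ----
object network INSIDE-MVM-ENGINE
 host 10.0.0.20
access-list DMZ_IN remark MVM: console-to-remote-engine management channel
access-list DMZ_IN extended permit tcp object DMZ-MVM-SCANNER object INSIDE-MVM-ENGINE eq 443
!
! Explicit logged deny so blocked scanner traffic shows up in syslog,
! which is also how you discover a port the scan profile needs that is missing.
access-list DMZ_IN extended deny ip object DMZ-MVM-SCANNER any log
access-group DMZ_IN in interface dmz
```

Option B still only covers what the thread calls a "certain hosts for Windows vulnerabilities" scan; a full TCP/UDP port sweep from the DMZ would again need the whole range, which is why option C (an engine inside, with a single 443 management hole) is the one that removes the wide rule entirely. The logged deny is worth keeping in either case, since it turns "the scan missed something" into a concrete list of blocked destination ports instead of a guess.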