Are you sure that you need bidirectional access and all ports to be opened for a scan using the VM module?
Since we are doing an authenticated scan – at least for a Windows authenticated scan, only TCP ports 135, 139 and 445 would be enough, because the scanner will log in to the target machine and do the scan.
If I am not wrong.
All TCP/UDP ports connectable by the scanner is the requirement, so that the scanner may work out which ports are actually open. By connectable I mean you could connect to them over the network if they were open. You don't need to open all those ports.
You're correct in that a minimal set of ports needs to be open for authenticated scans to take place.
It's useful to do the external scan because some vulnerabilities may be exposed on ports visible to external only (not to 127.0.0.1) - especially those found by functional testing as opposed to finding the software version during an authenticated scan.
YMMV
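
The difference between "connectable" and "open" described in the reply above can be checked from the scanner host. This is an added example, not part of the original posts or of any scanner product: the function names are hypothetical, it covers TCP only, and it assumes that a refused connection means the path is clear while a timeout means something on the path is dropping traffic.

```python
import errno
import socket
import sys

# TCP ports the thread names as enough for a Windows authenticated scan.
WINDOWS_AUTH_PORTS = (135, 139, 445)


def classify_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     - handshake completed, a service is listening
    closed   - target refused the connection: connectable, nothing listening
    filtered - timeout or unreachable: a firewall or route blocks the scanner
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        # connect_ex returns an errno value instead of raising on failure
        err = sock.connect_ex((host, port))
    finally:
        sock.close()
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "closed"
    return "filtered"


def check_scanner_path(host, ports=WINDOWS_AUTH_PORTS, timeout=2.0):
    """Classify each port and list the ones the scanner cannot reach at all."""
    states = {p: classify_port(host, p, timeout) for p in ports}
    blocked = sorted(p for p, s in states.items() if s == "filtered")
    return states, blocked


if __name__ == "__main__":
    # Usage: python check_path.py <target-address>
    states, blocked = check_scanner_path(sys.argv[1])
    for port, state in sorted(states.items()):
        print(f"tcp/{port}: {state}")
    if blocked:
        print("not connectable from this host:", blocked)
```

A port reported as closed satisfies the "connectable" requirement even though no service is listening; only filtered ports point to a firewall rule that needs attention.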