Well, for how to's, how bout checking in the "Tutorials & Guides" section on this forum first? Other than that, try searching for info. Key terms such as "exploits", "firewall testing", "port scan", "ssh attack", "metasploit", "dos", and research vulnerabilities in the UTM firewall, and if you are testing how it handles attacks from the outside, do not scan the box from inside the network, instead, gather your DNS and port information, and see what extra knowledge that would give you/the attacker, things like login names, possible passwords, company computers, etc. But obviously, being trained in security, you knew this already Right?
P.S., if you are familiar enough with Linux and Security stuff, all the tools are the same security tools that are in other linux distro's, so where's the trouble coming from? You obviously have permission to test this box from the outside, don't you