Security

I am new to ISA Server 2004. How do I configure an array firewall policy that will allow incoming connections on a specific TCP port only AFTER an outgoing connection has been initiated on another port? The outgoing connection can be initiated from any client on the internal network, and I need to allow incoming traffic on a different port to reach the machine that initiated the connection. The firewall is performing network address translation. We have several applications that operate in this fashion, but I don't want to just leave the ports open all the time. I know ISA can do this, I just don't know how to set it up.

One additional question:
What's the difference between using a server publishing role to host a server and just creating a firewall policy to accept incoming connections on a specific port from the external network? Are there any advantages/disadvantages to doing either?