A single LMS server would not need the "Server Internal" ports to leave the box. The "Server to Device" and "Device to Server" are only needed if you want to use the associated functions.
That said, most folks I've seen shy away from the Windows Firewall on an LMS box as it is, to borrow a phrase from the late Steve Jobs, "a can of hurt". A better hardening solution, in my opinion, is to sit the server on a network management segment with an access-list or firewall service at the border that is less restrictive than the port- or application-specific Windows firewall.