In an enterprise setting, you shouldn’t trust the server firewall. You lock that down with your network equipment.

I thought someone might say this, but it doesn’t seem very zero-trust?

Ideally you’d still want the host to be as secure as humanly possible?