
When we deploy a control, we must understand its purpose. I have come across cybersecurity practitioners who maintain that a network firewall has to be deployed even in a standalone environment, to further segregate the zones within the system, just because the policies say so. This brings no material enhancement to cybersecurity but imposes the recurring maintenance overhead of the additional network components: regular firmware upgrades, end-of-life monitoring for technology refresh, log review, account/password changes, etc. All of these can be avoided if no firewall is deployed.
In the illustration, the control is informative or advisory. It will not withstand a “brute force” bypass. There is also no point in imposing it. The consequence is the best control: if you go beyond this point, your life would be at risk and you take sole (not shared) responsibility.