Tailscale would also need to natively provide segmentation, least privilege, attribute based access, endpoint posture checks, and do authentication/authorisation before connectivity is established. I believe they recommend a firewall does some of this. Also the SDKs.