Consul recommendations for firewalled environments

Hi,

I’ve previously deployed Consul into various AWS environments and it’s been incredibly useful. I’m now working for a company who have in-house infrastructure and I can see a benefit in them also using it. My problem is that this customer are responsible for Critical National Infrastructure and have a very fragmented network design with servers residing in 100’s of firewalled zones. Opening up even a single port to/from every host in every zone is going to be impractical and probably considered a security risk.

Is there any functionality within Consul (or a related product) to accommodate environments such as this? I’ve searched for documentation but haven’t found anything I can present as a potential solution.

Many thanks,
Steve