Traditional network security followed a castle-and-moat design. You built a strong perimeter using firewalls, placed all trusted resources inside, and assumed anything within the perimeter was safe. This worked when employees sat in offices, servers lived in data centers, and the network edge was clear.
The model had one job: keep attackers outside the walls. If traffic passed through the firewall, you trusted it. Internal-to-internal communication faced minimal inspection.