I am most familar with HIP, but there are ways to isolate hosts so that they can only talk to what you want them to talk to in a distinctly different way than a firewall. You could have three hosts (A, B, & C) on the same subnet where A can talk to B & C, but B & C cannot talk to each other. Likewise, A and C could have access to an Internet gateway, while B does not.
So far HIP is the only protocol I have seen for microsegmentation that actually works in an intuitive way, but I suspect Wireguard could be used to the same effect with some creative engineering.