A company utilizes AWS Cloud WAN with edge locations in the us-east-1 and us-west-1 Regions, each hosting a shared services segment. These segments have VPC attachments to inspection VPCs in both Regions, which inspect WAN traffic using AWS Network Firewall.
The company introduces a new segment for a business unit (BU) in the us-east-1 edge location, with three VPCs attached to this segment. Regulatory requirements mandate that the BU VPCs cannot communicate with each other, and all internet-bound traffic must be inspected in the inspection VPC.
The company configures VPC route tables to direct internet-bound traffic to the AWS Cloud WAN core network. Additional VPCs for the BU will be added in the future, all of which must comply with the same regulations.
Which two solutions will meet these requirements in the MOST operationally efficient manner?