You have developed a 2-tier application on Google Cloud, consisting of an application tier and a database tier. The application tier operates in subnet-a, while the database tier is in subnet-b, both within the default VPC. What is the best method to configure a firewall rule that ensures only the application servers can communicate with the database servers?