Your organization has deployed a new workload with Web and Application (App) servers running on Compute Engine in a new custom VPC. You need to configure a secure network communication solution that meets these requirements:

• Only permits communication between the Web and App tiers.
• Enforces consistent network security when the Web and App tiers are autoscaled.
• Prevents Compute Engine Instance Administrators from modifying network traffic. What should you do?