You are managing a multi-tier application in Google Cloud Platform (GCP) consisting of web servers, application servers, and database servers. You want to ensure secure communication between these tiers and restrict access based on the principle of least privilege. Which GCP service should you use to create and enforce network-level firewall rules that span multiple instances within a VPC?