To ensure that your company's regional Compute Engine software as a service (SaaS) application is not accessible from the public internet but only from specific virtual machines (VMs) via Secure Shell (SSH), what action should you take to meet these requirements?