Hi,

My customer have 2 FWSM modules installed at 2 PACS core switch, and runned as A/S mode, the firewall mode is route mode without NAT. The FWSM have 3 security zone : PACS, HIS & TJ. The core switches of PACS zone & HIS zone are at same computer room, we used 2 GB link to connect from HIS core switch to 2 PACS core switches, and use rapid spanning-tree as the link redundent protocol. The TJ core switch at another building, we used 100Mbps FTTB to connect TJ & PACS core switch. The rouitng protocol for PACS, HIS & TJ is OSPF.

Now they want to apply another 10Mbps FTTB link between PACS & TJ core switch, but they don't want to use rapid spanning-tree as the link redundent protocol, they want to use L3 routing protocol ( OSPF ) to achieve the link redundent between 2 links ( 100Mbps & 10Mbps ). Can I :

1. create another security zone TJ1, the VLAN of TJ1 is 252

2. create another VLAN at TJ core switch, then connect it to PACS core switch VLAN 252 ( TJ1 zone )

3. enable OSPF routing at TJ core switch new VLAN & PACS core switch VLAN 252, setup the distance lower than 100Mbps FTTB

4. reference the static command related to TJ, duplicate it for TJ1 interface.

5. create firewall policy for TJ1 interface, then apply to TJ1 interface ( the policy are same as firewall policy for TJ interface )

Best Regards,

Jackson Ku