Simple Junos Commit Script

Here is a simple junos commit script that checks if a given interface is assigned to trust zone or not. It is very basic of course but can be extended using junos automation reference documents.

/* basic-sanity-check.slax */
version 1.0;
ns junos = "*/junos";
ns xnm = "";
ns jcs = "";
import "../import/junos.xsl";

match configuration {
if(jcs:empty(security/zones/security-zone[name == "trust"]/interfaces[name=="ge-0/0/0.0"])) {
    "Management interface must be in trust zone";


Once you create this script place it under /var/db/scripts/commit/test.slax

Then enable it via cli in the configuration

junos#set system scripts commit file test.slax

You will see that if the interface ge-0/0/0.0 isn’t assigned to the trust zone you will receive the error message in <message> tag.

If you want to take a look at some more examples you can take a look at junos script library

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

You have a feedback?

Discover more from

Subscribe now to keep reading and get access to the full archive.

Continue reading