Appendix: Regular Expressions

Regular Expression Syntax

This table shows the Check Point implementation of standard regular expression metacharacters.






escape metacharacters

non-printable characters

character types

[ ]

Square Brackets

character class definition

( )


sub-pattern, to use metacharacters on the enclosed string


Curly Brackets

min/max quantifier

{n} - exactly n occurrences

{n,m} - from n to m occurrences

{n,} - at least n occurrences



match any character


Question Mark

zero or one occurrences (equals {0,1})



zero or more occurrences of preceding character


Plus Sign

one or more occurrences (equals {1,})


Vertical Bar




anchor pattern to beginning of buffer (usually a word)



anchor pattern to end of buffer (usually a word)



range in character class

Using Non-Printable Characters

To use non-printable characters in patterns, escape the reserved character set.




alarm; the BEL character (hex code 07)


"control-X", where X is any character


escape (hex code 1B)


formfeed (hex code 0C)


newline (hex code 0A)


carriage return (hex code 0D)


tab (hex code 09)


character with octal code ddd


character with hex code hh

Using Character Types

To specify types of characters in patterns, escape the reserved character.




any decimal digit [0-9]


any character that is not a decimal digit


any whitespace character


any character that is not whitespace


any word character (underscore or alphanumeric character)


any non-word character (not underscore or alphanumeric)

Disabling QoS Acceleration Support

If you have a QoSClosed Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency. policy created for R77 and earlier, you will have to disable QoS acceleration to use other features. See:Acceleration Support for R77 Policies

To manually disable QoS acceleration:

  1. On the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., run: cpconfig to turn off SecureXLClosed Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. and CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores..

  2. Reboot the Security Gateway.

  3. After reboot, run:

    cpprod_util CPPROD_SetValue FG1 FgWithAcceleration 1 0 1

To manually enable QoS acceleration:

  1. On the Security Gateway, run:

    cpprod_util CPPROD_SetValue FG1 FgWithAcceleration 1 1 1

  2. Use cpconfig to turn on SecureXL/CoreXL.

  3. Reboot the Security Gateway.