diff --git a/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule.py b/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule.py
new file mode 100644
index 00000000000000..1fbc69dc9cb863
--- /dev/null
+++ b/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule.py
@@ -0,0 +1,209 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_rule
+short_description: Manages threat-rule objects on Checkpoint over Web Services API
+description:
+ - Manages threat-rule objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ action:
+ description:
+ - Action-the enforced profile.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ protected_scope:
+ description:
+ - Collection of objects defining Protected Scope identified by the name or UID.
+ type: list
+ protected_scope_negate:
+ description:
+ - True if negate is set for Protected Scope.
+ type: bool
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ service_negate:
+ description:
+ - True if negate is set for Service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ track:
+ description:
+ - Packet tracking.
+ type: str
+ track_settings:
+ description:
+ - Threat rule track settings.
+ type: dict
+ suboptions:
+ packet_capture:
+ description:
+ - Packet capture.
+ type: bool
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-rule
+ cp_mgmt_threat_rule:
+ comments: ''
+ install_on: Policy Targets
+ layer: New Layer 1
+ name: First threat rule
+ position: 1
+ protected_scope: All_Internet
+ state: present
+ track: None
+
+- name: set-threat-rule
+ cp_mgmt_threat_rule:
+ action: New Profile 1
+ comments: commnet for the first rule
+ install_on: Policy Targets
+ layer: New Layer 1
+ name: Rule Name
+ position: 1
+ protected_scope: All_Internet
+ state: present
+
+- name: delete-threat-rule
+ cp_mgmt_threat_rule:
+ layer: New Layer 1
+ name: Rule Name
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_rule:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ position=dict(type='str'),
+ layer=dict(type='str'),
+ name=dict(type='str', required=True),
+ action=dict(type='str'),
+ destination=dict(type='list'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list'),
+ protected_scope=dict(type='list'),
+ protected_scope_negate=dict(type='bool'),
+ service=dict(type='list'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list'),
+ source_negate=dict(type='bool'),
+ track=dict(type='str'),
+ track_settings=dict(type='dict', options=dict(
+ packet_capture=dict(type='bool')
+ )),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-rule'
+
+ if module.params['position'] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule_facts.py b/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule_facts.py
new file mode 100644
index 00000000000000..ca11df62b25e56
--- /dev/null
+++ b/lib/ansible/modules/network/checkpoint/cp_mgmt_threat_rule_facts.py
@@ -0,0 +1,209 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_rule_facts
+short_description: Get threat-rule objects facts on Checkpoint over Web Services API
+description:
+ - Get threat-rule objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.9"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name. Should be unique in the domain.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ package:
+ description:
+ - Name of the package.
+ type: str
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-rule
+ cp_mgmt_threat_rule_facts:
+ layer: New Layer 1
+ name: Rule Name
+
+- name: show-threat-rulebase
+ cp_mgmt_threat_rule_facts:
+ details_level: standard
+ filter: ''
+ limit: 20
+ name: Threat Prevention
+ offset: 0
+ use_object_dictionary: false
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ api_call_object = "threat-rule"
+ api_call_object_plural_version = "threat-rulebase"
+
+ result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()