Firewalla Local: Native, local, zero-latency Home Assistant control

Share your Projects! Custom Integrations
,
1

Firewalla Local
Firewalla Local1000×267 15.3 KB

Hi everyone,

I bought my Firewalla Gold a few years ago for the same reason many of you did: the promise of a powerful, prosumer, DIY-friendly firewall. To be fair, I like the Firewalla app—it does a great job of making complex networking accessible.

However, relying solely on it means the ecosystem is not only “Cloud-Locked,” but also “App-Locked.” Opening an app on your phone is perfectly fine for configuring a VLAN every once in a while. But it becomes a significant handicap when you want to dynamically orchestrate day-to-day routines. When you’re trying to automate a reliable internet cutoff for a 12 and 14-year-old at bedtime, or you want to leverage rich network data alongside the rest of your homelab services, the app-only approach falls short.

After years of maintaining custom SSH scripts to pull system metrics and wiring up clunky workarounds, I eventually reached a fork in the road: either reflash my hardware to a fully open-source OS, or finally build the native Home Assistant integration the community has been asking for.

I chose to build.

Today I’m releasing Firewalla Local (v1.0.0). It’s available via HACS and built from the ground up to meet Home Assistant’s “Platinum” quality standards with a 100% local data plane.

What it enables:

  • Rule-Backed Switches: Expose your most-used rules (Internet Block, Social, Gaming, etc.) as simple switches with Optimistic UI—meaning your HA dashboard updates immediately with zero latency.
  • Watched-User & Device Monitoring: Select specific household users or endpoints to track daily usage minutes, active apps, and connectivity, backed by the proven local payload.
  • Timed Pauses: Use native pause_rule and resume_rule services in your automations (e.g., “Give the kids 30 more minutes of gaming”).
  • Appliance Monitoring: Track system load, memory, disk usage, WAN IP details, and the latest successful Speed Test result natively in HA.

Security & Architecture:
This isn’t just a wrapper for a few scripts. It uses the official “Additional Pairing” protocol to securely retrieve the router’s local cryptographic bundle. After a one-time cloud-brokered pairing (identical to adding a second phone via the Firewalla app), all communication is 100% local, bypassing the cloud entirely. Note on Access: Because the integration communicates directly with the local hardware using this shared symmetric key, “unpairing” the device in your Firewalla app only removes the cloud association. To fully remove access, you simply delete the integration directly within Home Assistant to wipe the locally stored keys.

Hardware Testing:
I developed and actively run this on a Firewalla Gold. It should be fully compatible with the Purple, Gold Pro, and any other series running the Firewalla Box software that supports the local API. If you have one of those units, I’d love for you to install it and drop a note in the GitHub Discussions so I can update the supported hardware list.

image
image901×631 59.8 KB

:heart: Support the Project

Building and maintaining local control integrations takes countless hours of development, testing, and covering hardware and tool costs. If Firewalla Local is giving you the network control you’ve been hoping for, here is how you can help keep the project alive:

:star: Star this repository! (The Non-Negotiable)
If you install this integration and get value out of it, clicking the Star button at the top of the page is the easiest—and free—way to say thanks. It takes two seconds, helps others discover the project, and shows me that the community is actively using it.

:coffee: Sponsor or Tip (The Ultimate Motivator)
While stars let me know the integration is alive, a sponsorship or tip is the absolute best way to affirm that the time and money spent building this tool is providing real value.

Financial support is never required, but it is the strongest motivation for me to keep fixing bugs, adding features, and maintaining this project long-term. If Firewalla Local makes your smart home better, consider showing your support!

Sponsor Buy Me A Coffee

:books: Getting Started

Everything you need to install via HACS and configure the integration is documented in the User Guide:
:point_right: Firewalla Local GitHub Repository
:point_right: User Guide

Note: Check the User Guide in the repo for the pairing walkthrough, as you’ll need to extract the raw QR JSON from the Firewalla app to complete the initial setup.

I built this so we wouldn’t have to choose between great hardware and a local-first DIY experience. I’d love for you to try it out and let me know what you think!

2

Here is what is new in v1.1.0:

:round_pushpin: Presence and User Tracking

  • Opt-in Device Trackers: You can now selectively opt-in eligible LAN clients to expose native device_tracker entities. Most commonly used with phones or other personal devices indicating if a person is home or away.
  • Watched Users: Monitor specific household users with dedicated sensors reporting daily usage limits, unique device counts, per-app usage, and last_active status.

:hammer_and_wrench: Host Management & Actions

You can now manage your network infrastructure directly from Home Assistant dashboards or automations:

  • Wake-on-LAN: Wake compatible hosts via a native HA service call to the Firewalla.
  • Host Admin: Rename hosts, toggle Notify when online/offline, and set or clear DHCP reservations with network-aware validation.
  • Speed Tests: Trigger WAN internet speed tests natively from HA without opening the Firewalla app.

:bar_chart: Data on Demand (13 New Services)

Instead of creating hundreds of useless sensors that bloat your HA database, I’ve exposed Firewalla’s deep metrics via 13 new Action Services. These services fetch rich local data on-demand and return it as dictionaries for your automations.

  • Get Host Name Mappings (Perfect for syncing Firewalla names to custom DNS proxies like Control D or NextDNS)
  • Get Network Segment Reports & Usage
  • Get Time Usage Reports for monitored users.
  • Get WAN Data Usage & Event Timelines
  • Get Speed Test Results
  • Plus the host admin services mentioned above (Wake, Set Name, Set DHCP, etc.)

:gear: Runtime Visibility & Debugging

For those building complex automations, visibility is key.

  • Added a Sync Runtime diagnostic button to force an immediate local coordinator refresh.
  • Added a runtime_data_updated_at attribute so your automations can verify data freshness.
  • Enhanced the debug logging and pairing troubleshooting guidance for first-time setups.

:arrow_down: How to Update

If you already have the repository added in HACS, simply check for updates and download v1.1.0.

If you are new to the project, everything you need to install via HACS and configure the integration is documented here:
:point_right: Firewalla Local GitHub Repository
:point_right: User Guide & Pairing Walkthrough

:heart: Support the Project

As always, building and maintaining local-first integrations takes a massive amount of time, testing, and coffee. If Firewalla Local is making your smart home better, please consider supporting the project!

:star: Star the repository on GitHub! (Free & easy way to help the project grow)
:coffee: Sponsor on GitHub or Buy Me A Coffee

Let me know how the new presence tracking and services are working for you!