Release Notes


A10 Harmony Controller HC-5.2.0


Supported versions
Thunder 5.x
5.1.0, 5.1.0-P2, 5.1.0-P3, 5.1.0-P4
Thunder 4.1.x
With Config Management:
With Config Management:
4.1.4-GR1-P3 to 4.1.4-GR1-P5
No Config Management:
4.1.4-GR1-P1, 4.1.4-GR1-P2
4.1.1-P8 and above
Lightning ADC
4.x, 5.0.0, 5.1.0
Harmony Apps
ADC App: v3.4, v3.5
CGN App: v3.4, v3.5
GiFW App: v3.3
SSLi App: 5.1.0-v3.0
GTPFW App: v3.3
Kubernetes Connector (Secure Service Mesh)
ICL-2.0.6, ICL-2.0.9, ICL-3.0.0

New Features for Users Running HC-5.1.0-P2

  1. Harmony Controller license can now be exported from GLM and imported into Controller without connecting the Controller to Internet or to ELM.
  2. Configuration of Thunders using Device CLI Snippets is available to push configuration to multiple device together.
  3. Direct webhook integration for posting alerts on MS Teams, Slack and Flock. This is in addition to posting webhook to programable interfaces like ServiceNow or a custom server.
  4. Alert definition can now be created based on analytics charts. This eliminates the requirement to go into detailed trigger creation.
  5. Audit logs is now available for user’s ‘write’ activities.
  6. Specific Dashboards are now available for device clusters, Logical clusters, individual devices, CGN scaleout traffic for Provider and Tenant levels as applicable by the administrative scope.
  7. Container Thunder can now be launched in Kubernetes Environment.
  8. Ability to schedule Thunder upgrade from Controller is now available.
  9. ‘Super-Admin’ user can also now login to Operator Console. This allows to reset the password of ‘admin’ user in case ‘admin’ is locked out.
  10. Out of the overall log collecting capacity of a Controller, Super Admin user can now reserve some capacity for future use. They can also allocate dedicated capacity to the providers.
  11. When vThunder instance is launched in AWS or Azure using Harmony Controller, additional IP addresses can be added to the network interface from Harmony Portal itself.
  12. HA Controller deployment is now alos available in public cloud environment and in addition to previously available Data Centre environment.


  • Use of CentOS/RHEL 7.4 and 7.5 for running Harmony Controller is being deprecated. Customers are advised to upgrade the Operating System of the machines running Controller. Next version of Controller may work but will not be supported on CentOS/RHEL 7.4 and 7.5.
  • Direct upgrade support from HC-4.2.1-Px will not be available in next version of Harmony Controller. Customers will be able to upgrade to HC-5.2.0 from HC-4.2.1-Px at any time.

Fixed Issues

Item ID
Due to the issues in Microsoft Edge, Single Sign On (SSO) to device User
Interface was failing. Thunder Configuration is now available in Harmony
Portal and Access Device function is removed.
While displaying difference between old and new configuration, the coloring
of config blocks was incorrect. This has been fixed.
For vThunder, partition CPU usage were approximate. Display has been
changed to provide more meaningful information.
Harmony Controller used to connect to Thunder management interface only
on port 443. Custom port can be used now.
Configuring multiple Thunder devices or Application services together
from Harmony Portal is now available.
Generated alerts are now stored for one year similar to all other
analytics data.
When configuration for a partition was being modified by two different users
(Provider admin and Tenant admin) in two different scopes (device and
application service), full configuration was being pushed to Thunder when any
one of them decided to push.
Only the changed configuration is being pushed to Thunder immediately on change.
All other portions of configuration remain unimpacted.
License name is now being populated for already imported licenses also.
For Thunder registered to Controller via data interface, access device
function from Harmony Controller (SSO to Thunder management UI) was not
working previously. Thunder Configuration is now available in Harmony
Portal and Access Device function is removed.
For TACACS authentication, Controller can now connect to TACACS
server on any port.
Option to schedule image upgrade of Thunder devices from
Harmony Portal is now available.

Known Issues

Item ID
In case of HA Failover, analytics show the new active device status even
for historical data that belongs to old device.
Admin users created on Thunder devices after registering them to
Controller, do not get synchronized with Controller even after
configuration scan. Deregistering Thunder and registering again will fix
the problem. However, mapping Partitions to Tenants may be required again.
HARMONY- 18262
The Thunder cluster launched by Harmony Controller in VMWare vCenter,
AWS or Azure environment only supports cluster type ‘Single’. HA or
VCS clusters needs to be launched manually and attached to Controller.
When Thunder configuration with multiple Virtual IP addresses (VIPs) is
created via Harmony Portal and pushed to a Thunder device, analytics
information for all these VIPs does not show up properly. Recommended
is to configure one VIP at a time.
When Thunder configuration is modified directly on Thunder, it does not
automatically synchronize with the Controller. Using ‘Scan’ option brings
the configuration to Controller from the device. However, making all
configuration changes from Harmony Portal (Global Object Explorer) is
recommended after registering Thunder to Controller.
Options for scheduled device configuration backup from Harmony Portal
are temporarily reduced and only one-time scheduled backup is available
for now.
In Harmony Portal, Tenant admins can view the devices, partitions
and associated application services that do not belong to them.
Recommended not to onboard application service that require strict
access control.
When existing configuration is imported or scanned from Thunder device,
some properties may not show up properly in Harmony Portal.
The Thunder Onboarding help that pops up on first time login does not
display how-to perform the steps. It is recommended is to use product
documentation for details.
When size of Thunder configuration is large, configuration exchange
actions (e.g. config push/scan, config backup/restore) between
Harmony Controller and Thunder may fail.
Certain portions of Thunder configuration, especially shared objects
are not being deployed properly when pushed to Thunder from Harmony
Controller. Using ‘Device Utilities > Device CLI’ is recommended.
In some cases, to avoid disruption of environment or application traffic,
configuration push from Harmony Controller to Thunder may not succeed.
A few system created Partitions may be visible to admins. These are for
internal use by Controller sub-system. Users are advised not to change
anything in those accounts.
In case of assigning device license to VCS cluster, license is allocated only to
Master. License to blades is to be allocated manually.
Configuration management of Thunder VCS clusters from Controller
is not supported. Recommended is to convert VCS clusters to
multi-node HA clusters while registering with Controller. If these
devices are deregistered from Controller, recreation of VCS is
to be done manually.
A Thunder VCS cluster deployed in different network from Controller
(behind firewall), cannot be registered using Tunnel feature. Traffic
from Controller to Thunder management port should be allowed in
firewall for it to work.
When Thunder cluster registers, Controller provides default auto-generated
names. While upgrading from HC-4.2.1-Px, these names may change to the
new default values.
For old version of Thunders, some information like log collection rate,
request rate, detailed service status etc., may be displayed incorrectly.
Please consider upgrading Thunder to ACOS 5.x.
PDF reports display time as per time zone of Controller instance. This
may not match with the time shown in Harmony Portal because the portal
takes time zone of the client browser machine.
When the configuration is being pushed from Controller which includes
password or similar fields, for Thunders these configuration changes
do not apply. Such changes are to be made directly in Thunder. After
that configuration can be scanned from Controller for synchronization.
When more than one administrator changes configuration of applications
deployed on same Thunder partition via Harmony Portal, final configuration
may result in inconsistent state. As of now, it is advised that changes on
one partition should be done only from one place.
When the Thunder configuration has a shared object, configuration push
from Controller fails. For making either the reference to shared object
is to be removed or changes are to be made directly in Thunder. Shared
object can be linked again after the configuration push. Or configuration
can be scanned from Controller for synchronization if changes are made
directly on Thunder.
Disaster Recovery set-up breaks when Controller is upgraded. Please set-up
Disaster Recovery again after upgrading the Controller.
Certificate Admins are able to set-up alerts and reports in addition
to their assigned roles.
Thunder image upgrade from Harmony Controller fails for a few versions
(4.1.1-Px) of Thunder. Please use Thunder device CLI for upgrading the
When a VCS cluster with scaleout configuration is registered via Harmony
Portal, member devices get added in auto-generated cluster name instead
of the cluster user is trying to add them. However, the auto-generated
cluster can be renamed.
While registering a scaleout VCS cluster via Harmony Portal, if user
selects ‘Convert’ option, scaleout functionality is disabled without
any warning.
VCS cluster can only be registered to Harmony Controller if the IP
address on Thunder’s management interface is configured statically.
While running a device CLI command from Harmony Portal, multiple
partitions of different devices can be selected to run command but
multiple partitions of same device cannot be selected. In case command
is to be run on multiple partitions of same device, command to change
partition is to be included in the snippet.
When VCS cluster is registered to Harmony Controller, Ethernet interface
information of the member devices is not available.
Shared Object in Provider scope is an experimental feature. These shared
objects do not automatically get backed up in persistent storage and will
not survive if the Controller or its configuration microservice restarts.
Please contact A10 support for getting a script that persists these.
CGN Harmony App when opened from main menu opens with no data. Please
open Harmony App from Services > App Services page.
In Harmony Portal, Harmony Apps opens in a new window. In some cases,
pop-up blocker may prevent the Harmony App window to open. Please allow
pop-ups from Harmony Portal.
On some configuration screens Harmony Portal accepts values of configuration
parameter that may not be allowed by the Thunder device based on license or
some other environmental restriction.
After upgrading to this version from HC-5.1.0-Px, access logs in ADC Harmony
Apps will not be visible by default for 12 hours. Please select the time
range that does not include the time of upgrade to view the logs.


We are available at your service on Phone, and Email:

Phone: 1-888-TACS-A10 (Toll-Free USA & Canada). 1-408-325-8676 (International)