Release Notes


A10 Harmony Controller HC-5.3.0


ACOS Supported versions
ADC App v3.6,
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.1.0
ACOS 5.0.0-P1
ACOS 5.0.0
CGN App v3.6
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.0.0-P1
ACOS 4.1.4-GR1-P1 & P2
ACOS 4.1.1-P8-P12
SSLi App v4.1
ACOS 5.2.1-P1
ACOS 4.1.4-GR1-P5
GiFW App v3.5
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.0.0-P1
ACOS 4.1.4-GR1-P1 & P2
ACOS 4.1.1-P8-P12
GTPFW App v3.5
ACOS 5.2.1-P1
ACOS 5.2.1
ACOS 5.2.0
ACOS 5.1.0-P2
ACOS 5.1.0
ACOS 5.0.0-P1
ACOS 5.0.0

New Features for Users Running HC-5.2.0

  1. Support for Remote Authorization (in addition to remote authentication) for Harmony Controller login.

  2. Read-only roles are now available at Provider scope as well as Tenant scopes in addition to read-write roles.

  3. Controller can now be deployed in IPv6 or dual stack network and can communicate with IPv6 enabled services.

  4. Added capabilities to manage the A10 licenses locally, especially for Harmony Controllers deployed in isolated networks, A10 Enterprise License Manager (ELM) is now embedded into Harmony Controller and referred to as “ Local License Manager (LLM)”. This LLM feature is available with the Harmony Controller install. License management at the Provider level performs similar to previous releases.

  5. Controller now also supports multi-node and scaleout type Thunder clusters.

  6. Virtual Thunder can now be orchestrated in Oracle cloud (OCI) environment in addition to previously available AWS, Azure, VMWare and Kubernetes.

  7. Container Thunder orchestrated by Harmony Controller in Kubernetes environment now also supports multiple network interfaces as well as high throughput networking technologies SR-IOV and PCI Passthrough.

  8. Thunders orchestrated via Controller, can now be configured as VRRP-A cluster.

  9. Thunder device network config can now be viewed and managed from Device listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.

  10. Thunder cluster system config can now be viewed and managed from Cluster listing page of Harmony Portal in addition to CLI Snippet and Object Explorer.

  11. Scheduled Thunder cluster upgrades now minimizes disruption of application traffic by upgrading the cluster one device at a time.

  12. Alerts can now be defined on the metrics being displayed in charts in Harmony Apps. This is in addition to canned alert definitions and advance alert definition configurations.

  13. Thunder VCS clusters can now be connected to HC from any network without the need to open incoming ports on the firewall where VCS Thunder cluster is deployed. Note: In previous releases and onward this feature is also supported for Single and HA clusters.

  14. Thunder CLI snippets can now be pushed to multiple partitions in the same devices simultaneously. Ability to push the snippet to multiple devices was already available.

  15. Organizations can configure banners which users will see when logging into Harmony Controller.


  • Use of CentOS/RHEL 7.4 and 7.5 for running Harmony Controller has been deprecated. Customers are advised to upgrade the Operating System of the machines running controller to RHEL/CentOS 7.6 onwards before upgrading to Harmony Controller HC-5.3.0.

  • Direct upgrade support from HC-4.2.1-Px to HC-5.3.0 is not available. Customers are advised to upgrade to HC-5.2.0 from HC-4.2.1-Px before they upgrade to HC-5.3.0.

Fixed Issues

Item ID
With complete Thunder config management from Controller, synchronizing Thunder users to Controller is no longer needed. Users at controller can manage all aspects of Thunder with required RBAC.
HARMONY- 18262
The Thunder devices launched via HC can now be added to a cluster. VRRP-A can be configured on the cluster from controller.
A Thunder VCS cluster deployed in different network from controller (behind firewall), can now be registered using Tunnel feature.
Upgrading from HC-4.2.1-Px to HC-5.3.0 is NOT supported and hence this issue is no longer relevant.
PDF reports now display time zone information along with time to avoid any confusion.
DR Setup now works fine across controller upgrades.
Certificate Admins’ privilege is now limited to management of certificate and CRL.
When a VCS cluster with scaleout configuration is registered via Harmony Portal, now member devices get added in the cluster user is trying them to add.
While registering a scaleout VCS cluster via Harmony Portal, if user selects ‘Convert’ option, scaleout functionality now continues to work.
A Thunder 5.2.1, VCS cluster Controller registration is supported when the Thunder’s IP management interface is configured for DHCP
Shared Object in Provider scope are now being persisted.
In Harmony Portal, opening of Harmony Apps in new window is now not impacted by the popup blocker.
While running a device CLI command from Harmony Portal, multiple partitions of different devices as well as of same device can be selected to run command.
GUI-3548, HARMONY-20310
When VCS cluster is registered to Harmony Controller, all interface information of the member devices is now available.
Harmony Apps work fine when opened from main menu.
Large Thunder config is now supported in Harmony Controller for most operations. Other smaller issues are listed in known issues below.
GUI-3339, GUI-3344
Shared objects are now being deployed properly when pushed to Thunder from Harmony Controller.
In case of assigning device license to VCS cluster, license is now being allocated to all the members of the cluster equally. Refresh may be required to reflect the info.
CM-684, HARMONY-19113
Configuration management of Thunder VCS clusters from controller is now supported. However, it is still recommended is to convert VCS clusters to multi-node clusters to keep management intelligence at one place.
CM-680, GUI-1341, GUI-1342, CM-622, CM-667
Configuration push mechanism from controller to Thunder is enhanced to avoid failures.
GUI-2039, GUI-3833
On some configuration screens Harmony Portal may accept values of config parameter that may not allowed by the Thunder device based on license or some other environmental restriction. Proper error message is now being provided in Harmony Portal for such cases.
Virtual IP addresses (VIPs) created via Harmony Portal are now being pushed to Thunder devices as soon as they are created.
CM-624, GUI-2303, GUI-1995, GUI-2422
Now Harmony Portal hides pages based on roles and Tenant admins can’t view the devices and partitions.
After upgrading to this version from HC-5.1.0-Px, access logs in ADC Harmony Apps will not be visible by default for 12 hours. Please select time range that doesn’t include the time of upgrade to view the logs.

Known Issues

Item ID
When a Thunder with ACOS 5.2.1 is deployed in a Scaleout cluster, any cluster configuration changes made later in Harmony Controller are saved in Harmony Controller, however these changes fail to reflect in the Thunder device.
Partition provisioning to tenants fails in Harmony Controller because Thunder with ACOS 5.2.1-P1 fails to establish a SaaS Tunnel with Harmony Controller.
In case of HA Failover, analytics show the new active device status even for historical data that belongs to old device.
When Thunder configuration is modified directly on Thunder, it does not automatically synchronize with the Controller. Using ‘Scan’ option brings the configuration to Controller from the device. However, making all configuration changes from Harmony Portal (Global Object Explorer) is recommended after registering Thunder to Controller.
Options for scheduled device configuration backup and restore from Harmony Portal are temporarily reduced and only daily backup is available for now.
When existing configuration is imported or scanned from Thunder device, some properties may not show up properly in Harmony Portal.
The Thunder Onboarding help that pops up on first time login does not display how-to perform the steps. It is recommended is to use product documentation for details.
When size of Thunder configuration is large, configuration exchange actions (e.g. config push/scan, config backup/restore) between Harmony Controller and Thunder may fail.
In some cases, to avoid disruption of environment or application traffic, configuration push from Harmony Controller to Thunder may not succeed.
A few system created Partitions may be visible to admins. These are for internal use by Controller sub-system. Users are advised not to change anything in those accounts.
For old version of Thunders, some information like log collection rate, request rate, detailed service status etc., may be displayed incorrectly. Please consider upgrading Thunder to ACOS 5.x.
Thunder image upgrade from Harmony Controller fails for a few versions (4.1.1-Px) of Thunder. Please use Thunder device CLI for upgrading the Thunder.
After controller upgrade, in some cases, newly introduced device information (e.g. network info) may not be available in Harmony Portal. Scanning the cluster config brings all the information.
Controller upgrade may take long time in case there are large number of Thunder objects registered with controller.
GUI-4102, HARMONY-21613
Scheduled CLI Snippet execution tasks are not deleted with deletion of devices. They need to be manually deleted.
Thunder orchestration via Harmony Controller in IPv6 network is not yet supported.
If multiple access-groups of same Provider are assigned to a user, Harmony Portal renders based on only one access-group and the user may not get all intended privileges. Consolidate all intended privileges for such a user into one access group and assign that to the user.
App admin role is temporarily discontinued. However, in case your controller installation has access groups based on this role, it will continue to work and users will be able to login.
GUI-4705, GUI-4615
For old versions of Thunder, configuring some attribute from controller may result in error. Please use CLI snippet push functionality of controller if the case arises.
After deleting a Scaleout Thunder cluster, if it is again mapped to the same tenant, analytics information may not resume. Workaround is to map it to a different tenant.
Registration of a Scaleout Thunder cluster without VCS may result into issues when registered from Thunder side. Recommended is to initiate registration of such clusters from Harmony Portal.
Scaleout Traffic Map in harmony Portal may not display properly for Thunder Scaleout clusters without VCS.
In some cases for VRRP-A Thunder clusters, configuration changes from controller may fail on standby device. Suggested is to use CLI snippet push functionality of controller if the case arises.

Known limitations

Item ID
HC installation and functioning requires firewalld to be disabled and inactive on the host machine(s). If firewalld is enabled and/or is active on the host machine at the time of installation, HC installer will prompt the user and disable the firewalld.
When upgrading an older CentOS version to a currently supported version (CentOS 7.9 onwards), a blanket yum update should not be made. It causes an upgrade of the Docker version to 20.x, which is not supported. So, it is recommended that OS components be upgraded selectively or to exclude Docker from the OS upgrade.
In ACOS 5.2.1-P1, when HC retrieves and scans ACOS objects with encrypted attributes and later re-deloys the objects if any updates are made to the objects, ACOS rejects the objects. This issue happens only for objects with encrypted attributes, configured on the device. The objects are initially scanned from the device. The issue does not happen if objects are created initially from Harmony Controller.


Item ID
HC Installer fails to complete properly when node has HTTP-Proxy configured.


A10 networks is available for support by Phone and/or Email:

Phone: 1-888-TACS-A10 (Toll-Free USA & Canada). 1-408-325-8676 (International)