Hi,
I had the same issue tonight with a SSG-20 that was running 6.20r3.
I uploaded a new config that included some new commands supported in 6.20r3, the unit rebooted but never came back online (I was working remotely via VPN).
Anyway once onsite I established a console connection via serial port and found the SSG-20 had booted properly through the boot loader, it had loaded the software image from flash and loaded the software image into memory all without issue.
When it started loading the configuration I found I had the same issue as you where it would freeze there and no continue loading the configuration, bringing up the interfaces etc...
In short I could not even ping a network interface. I could not use the console to login using the serial number to reset the configuration to factory default as the console was locked trying to load the corrupt configuration and stayed unresponsive.
I tried holding down the reset button (4-6 sec down) but the status light would not go orange (but the power light did).
In short none of the methods would work to reset the configuration to factory default and I could not load the SSG-20 up to fix the configuration as the configuration it had was corrupt.
The fix was this
1) I conencted a PC directly to the SSG-20 network interface ethernet0/4 (its a Trust interface by default in my config and factory default). Normally this interface is connected to a internal switch but to increase the chance of success I patched the PC directly to the port
2) I downloaded ScreenOS 6.1.0r6 for the SSG-20 to the PC, checked the MD5 and extracted the file to C:\Temp
3) I disabled all AV and firewalls on the PC
4) I started a TFTP server (daemon) on the PC and shared the C:\Temp folder that contained . I use TFTPD32 from http://tftpd32.jounin.net
5) I disabled the DHCP server thats in TFTPD32 by default
6) I connected to the SSG-20 using a console cable connected to COM1 using 9600 baud
7) I rebooted the SSG-20 (by pulling the power cable)
😎 As the boot loader was loading it prompts you to press a key to break out of the automatic load
Hit any key to run loader
9) Press a key, you should now be prompted for the boot file name. Enter the name of the firmware file you extracted to C:\Temp in step 2). In my case ssg5ssg20.6.1.0r6.0
10) You should now be prompted for the IP address to give the SSG-20, I entered the IP the trust interface normally had
11) Next you are prompted for the IP address of your TFTP server (the IP address or the PC running TFTPD32)
12) Now it should say Loading file ssg5ssg20.6.1.0r6.0, this is it download the firmware from the TFTP server. It writes a series of "at" characters to the console
13) It should then say Load successful and tell you the size of the file it TFTP'ed
14) It will then say Ignore image authentication!
15) It will ask you if you want to save the new firmware to the on-board flash disk, say yes (y). It will count up in percent as it does this
16) Once thats done it will ask you if you want to run the downloaded system image, say yes (y)
17) It should now load properly. Being an old version of ScreenOS it did not support a lot of the commands in the config it had but at least I now had a working device
The theroy here is to load a older, more robust firmware that could handle the corrupt configuration (in fact it basically just ignored any part of the configuration it could not understand).
I was then able to factory reset it (I used the method of logging in at the console using the serial number of the SSG-20 as the username and password.
Once that had rebooted, I then uploaded the my config
Once that had rebooted I then upgraded the the firmware to 6.2.0r3 again
Once that had rebooted I loaded my final configuration again, this time it understood everything being the correct version of ScreenOS
I know had by SSG-20 working normally again, running the ScreenOS it was running before and with a full working copy of my configuration instead of a corrupt copy
Hope this helps someone
MC