FortiGate
esalija
Staff
Article Id 377538
Description The article describes a known issue that can cause SFP ports 17-24 (1G) to stay down between FortiGate and FortiSwitches or third-party switches.
Scope FortiGate-120G/121G before v7.2.11, v7.4.8, v7.6.3
Solution

In earlier 120G/121G firmware versions, 'set speed 1000full' on the affected ports incorrectly behaves similarly to 'set speed auto'. This is known issue 1104410, fixed in v7.2.11, v7.4.8, v7.6.3, and later.

The output from the FortiGate-121G for port 21 shows that the Link Status is Down.

 

diagnose hardware deviceinfo nic port21
Description :FortiASIC NP7LITE Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np7lite_0
pid :0
oid :25
vid :26
macid :25
eif_id :0
promiscous :1
mtu :1500
netdev oid :25
dev-flags :1983
dev-promis :1
Current_HWaddr 00:09:0f:09:00:1a
Permanent_HWaddr 78:28:ec:6e:92:7e
==== Default Link Settings =====
auto-nego :Enable
s_speed :1000
s_duplex :Full
==== Current Link Settings =====
auto-nego :Enable
s_status :Up
s_speed :1000
s_duplex :Full
==== Link Status ===============
Admin :Up 
link_status :Down  <--
Speed :N/A
Duplex :N/A

 

The FortiSwitch-244E-POE ports 27 and 28 are up.

 

diagnose switch trunk list

 

Switch Trunk Information, primary-Channel

Trunk Name: _FlInK1_MLAG0_
Mode: lacp-active (auto-isl,mclag)
Port Selection Algorithm: src-dst-ip
Trunk MAC: 38:C1:EA:C1:3C:A8
Trunk ID: 0

Active Port Up Time
___________ _________________________

port27 0 days,0 hours,3 mins,24 secs
port28 0 days,0 hours,3 mins,21 secs

Non-Active Port Status
_______________ ____________________


LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
ports: 2
LACP mode: active
LACP speed: slow
aggregator ID: 1
actor key: 17
actor MAC address: 38:c1:ea:c1:3c:a8
partner key: 17
partner MAC address: 38:c2:ea:c1:51:fc

slave: port27  <--
status: up     <--
link failure count: 0
permanent MAC addr: 38:c1:ea:c1:3c:a8
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

slave: port28b
status: up
link failure count: 0
permanent MAC addr: 38:c1:ea:c1:3c:e8
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

 

In affected firmware versions, if auto-negotiation must be disabled, this must be done using a FortiGate internal switch command.


config system interface
    edit "port21"
        set speed 1000full
    next
end

The following command disables auto-negotiation for all SFP ports, not just port21.

diagnose sys bcm_intf cli 'port ge0-ge3,ge20-ge23 an=0'

 

If configuring FortiGate for 1000full, an administrator must configure the matching speed setting manually on the neighboring FortiSwitch ports. The same issue can affect FortiGate connections to other switches.

 

Link down after upgrade to fixed version:

If a link configured with 'set speed 1000full' was up before the upgrade to a fixed version and is down after the upgrade, this may be a pre-existing interface misconfiguration that was hidden by the known issue. In this case, it is recommended to configure 'set speed auto' in case that brings up the link.
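The following Python sketch is an added example, not Fortinet code. It checks a firmware version against the fixed releases listed in Scope and flags the pattern visible in the port21 output above (Admin Up, auto-nego Enable at 1000/Full, link_status Down). Treating that pattern as an indicator of this issue is an assumption, the function names are hypothetical, and the model (120G/121G) must be confirmed separately.

```python
import re

# Fixed releases per branch, from the article's Scope line.
FIXED_PATCH = {(7, 2): 11, (7, 4): 8, (7, 6): 3}


def is_affected(version):
    """True/False for listed branches, None for a branch the article does not list."""
    major, minor, patch = map(int, re.match(r"v?(\d+)\.(\d+)\.(\d+)", version).groups())
    fixed = FIXED_PATCH.get((major, minor))
    return None if fixed is None else patch < fixed


def parse_nic(output):
    """Split 'diagnose hardware deviceinfo nic' output into {section: {key: value}}."""
    sections, current = {}, "header"
    for line in output.splitlines():
        line = line.replace("<--", "").strip()  # drop the article's highlight arrows
        header = re.match(r"=+\s*(.+?)\s*=+$", line)
        if header:
            current = header.group(1)
        elif ":" in line:
            key, _, value = line.partition(":")
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections


def shows_symptom(output):
    """Admin up and 1000/Full set, yet auto-negotiation is enabled and the link is down."""
    s = parse_nic(output)
    cur, link = s.get("Current Link Settings", {}), s.get("Link Status", {})
    return (link.get("Admin") == "Up" and link.get("link_status") == "Down"
            and cur.get("auto-nego") == "Enable"
            and cur.get("s_speed") == "1000" and cur.get("s_duplex") == "Full")


# Excerpt of the port21 output shown in the article.
SAMPLE = """\
==== Current Link Settings =====
auto-nego :Enable
s_status :Up
s_speed :1000
s_duplex :Full
==== Link Status ===============
Admin :Up
link_status :Down  <--
"""

if __name__ == "__main__":
    print("symptom present:", shows_symptom(SAMPLE))
    print("v7.4.7 affected:", is_affected("v7.4.7"))
```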