FortiGate
yangw
Staff
Article Id 259384
Description

This article describes the case where a quarantined device is not blocked because the quarantined address group has not been added to any firewall policy rule.


From the FortiOS documentation on quarantining an active device based on the device's MAC address: 'Firewall addresses are automatically created for the quarantined MAC address, and the addresses are added to the QuarantinedDevices address group; a policy must then be created manually to block traffic from quarantined devices.'

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/900942/quarantine

Scope
FortiOS 7.2.
Solution

Several suspicious devices among the Wi-Fi clients have been added to quarantine.
However, the quarantined devices are still reachable.

[Screenshot: quarantined.png]

[Screenshot: ping.png]

The quarantined MAC address 4e:e3:c3:ef:24:9d has been added automatically to the address group 'QuarantinedDevices', as shown below:


config firewall addrgrp
    edit "QuarantinedDevices"
        set uuid c9a317c2-ec82-51ed-187f-ff029e953e3d
        set member "qtn.mac_00:00:00:00:00:00" "qtn.mac_ee:10:b1:d5:87:7f" "qtn.mac_16:75:c9:98:79:50" "qtn.mac_4e:e3:c3:ef:24:9d" "qtn.mac_36:6e:0f:97:2e:d1"
    next
end


However, the address group 'QuarantinedDevices' has not been added to any firewall policy rule that blocks connections, so the quarantine has no effect on traffic.

The next step is to go to Policy & Objects -> Firewall Policy and create a policy rule that denies traffic from the 'QuarantinedDevices' address group to the target network or addresses.
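The equivalent CLI configuration for such a deny policy, as an added example that is not part of the original article. It assumes 'edit 0' so FortiOS assigns the next free policy ID, and uses 'any' for both interfaces; the policy name is a placeholder.

```fortios
# Added example (not from the article): block all traffic sourced from the
# auto-populated QuarantinedDevices group. Narrow srcintf to the Wi-Fi
# interface the quarantined clients actually use if it is known.
config firewall policy
    edit 0
        set name "Block-Quarantined-Devices"
        set srcintf "any"
        set dstintf "any"
        set srcaddr "QuarantinedDevices"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Policies are evaluated top-down with first match winning, so after creation use 'move <new-id> before <allow-policy-id>' inside 'config firewall policy' to place the deny rule above any policy that would otherwise permit the same clients. The rule only affects traffic that traverses the FortiGate; quarantined hosts on the same Layer 2 segment can still reach each other directly.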