Problem with this issue, the actual vulnerability can be behind the system being targetted (see the blog here). FortiGate has no way of knowing if the server is vulnerable or of there is log4j somewhere in the path, just that the payload has been sent e.g. in a HTTP header. This is the block you are seeing.
To know if you are potentially vulnerable, block outbound LDAP and look for triggers to the FW rule.
Dr. Carl Windsor
Field Chief Technology Officer