I contacted support because I was getting confused, and they confirmed that ShrewLWD has the correct answer.
For those with weak networking skills like myself that are still confused, here's another way of looking at it (NOTE - this probably isn't technically correct, but it makes sense in head, at least):
All devices on the subnet also have the broadcast address "assigned" to them just by virtue of being on the subnet. The logs in question aren't describing an event where data has gone from a source, to the FortiGate, and then is supposed to exit to somewhere else, but is being blocked. What they're describing is the FortiGate's reaction to receiving broadcast traffic for its own assignment of the broadcast address, not any other device. Since, by default, the FG doesn't respond and it doesn't forward, it logs a "deny" event. (IMO "deny" is a little misleading, it's more like "ignoring," but that would create more logging complications.)