I'm glad to hear I'm not the only one interested in using a feature like this.
Based on my own research and conversations with Fortinet, the FortiGate will only use IP Reputation for the "Block Botnet Connections" feature of the AV profile. I have not been able to confirm if this database is automatically updated at the same time as the rest of the FortiGuard updates.
I feel like the FortiGate falls short when it comes to using the IP Reputation feature of FortiGuard.
Thanks for posting a follow-up - it looks like you've reached the same conclusion that I did. My understanding is that there are more IP reputation features available on the FortiWeb and FortiADC appliances; perhaps this will come to the FortiGate in a future update.
I'm currently looking at strengthening our current security by quarantining IPs based on obvious malicious behaviour (detected vulnerability scans, SMTP authentication failures etc.). I took a sample from the logs of IPs generating nothing but malicious traffic against our live firewall and at least 80% were listed in the Fortinet IP database as known to be malicious (using the online lookup tool).
My strategy for now will be to configure an IPS sensor for all traffic to quarantine malicious IPs and run all traffic through it on a standalone IPv4 policy screening all inbound traffic; I suspect that it would be much easier to achieve this if there was a straightforward method of leveraging a local copy of the reputation database.