I suspected the FortiGate bug, but that was incorrect. I received a couple of packet captures from this server. Two main points.
There were five clients with systemd-timesyncd patterns. This caused a lot of pointless NTP requests.
The server runs the NTF (NTP reference implementation) code. When KOD is enabled, responses to the high rate requests are suppressed or stopped. [This is the best option, IMHO] This explains the inbound vs outbound difference. I suspect that rate tracking requires extra CPU load.