caunon
Staff
Article Id 343561
Description

This article describes the situation where the negate options (srcaddr-negate, dstaddr-negate, or service-negate) need to be configured under local-in-policy on a FortiGate unit in order to restrict access or restrict packets by excluding a source, destination, or service.

Scope
FortiGate.
Solution

On older firmware, configuring the 'negate' options under local-in-policy (srcaddr-negate, dstaddr-negate, or service-negate) fails with the following error message:

 

FGT # config firewall local-in-policy

FGT (local-in-policy) # edit 1
new entry '1' added

FGT (1) # set srcaddr-negate enable

command parse error before 'srcaddr-negate'
Command fail. Return code -61

FGT (1) #

 

To resolve this, upgrade the FortiGate firmware to v7.0.x or later.
After the upgrade, srcaddr-negate, dstaddr-negate, and service-negate can be configured under local-in-policy:

 

FGT # config firewall local-in-policy
FGT (local-in-policy) # edit 1
new entry '1' added
FGT (1) # set srcaddr-negate enable
FGT (1) # set dstaddr-negate enable
FGT (1) # set service-negate enable
FGT (1) # set intf port1
FGT (1) # set srcaddr FABRIC_DEVICE
FGT (1) # set dstaddr FABRIC_DEVICE
FGT (1) # set service ALL_TCP
FGT (1) # set schedule always
FGT (1) # end
FGT #
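As an added illustration (not part of this article or of FortiOS), the following Python model shows what enabling a negate option does to matching: each address or service check is inverted on its own, and the policy still requires every field to match. The address objects, service definitions, packet values and explicit deny action are constructed assumptions for the model.

```python
# Model of local-in-policy matching with the negate options. This is an
# added illustration, not FortiOS code; all objects below are constructed.
import ipaddress
from dataclasses import dataclass

# Constructed address objects: name -> list of CIDR blocks.
ADDRESSES = {
    "FABRIC_DEVICE": ["10.10.0.0/24", "10.20.0.0/24"],
    "all": ["0.0.0.0/0"],
}
# Constructed service objects: name -> (protocol, low port, high port).
SERVICES = {
    "ALL_TCP": ("tcp", 1, 65535),
    "HTTPS": ("tcp", 443, 443),
}

@dataclass
class LocalInPolicy:
    intf: str
    srcaddr: str
    dstaddr: str
    service: str
    action: str = "deny"           # assumed explicit action for the model
    srcaddr_negate: bool = False   # set srcaddr-negate enable
    dstaddr_negate: bool = False   # set dstaddr-negate enable
    service_negate: bool = False   # set service-negate enable

def in_address(ip, name):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ADDRESSES[name])

def in_service(proto, port, name):
    sproto, lo, hi = SERVICES[name]
    return proto == sproto and lo <= port <= hi

def matches(policy, intf, src, dst, proto, port):
    """True if the packet matches the policy. Each field is tested, then
    inverted when its negate flag is enabled; all fields must match (AND)."""
    if intf != policy.intf:
        return False
    return all([
        in_address(src, policy.srcaddr) != policy.srcaddr_negate,
        in_address(dst, policy.dstaddr) != policy.dstaddr_negate,
        in_service(proto, port, policy.service) != policy.service_negate,
    ])

def local_in_action(policies, intf, src, dst, proto, port, default="accept"):
    """First matching policy wins; the fallback is an assumption of this
    model and does not describe FortiOS's own implicit behaviour."""
    for p in policies:
        if matches(p, intf, src, dst, proto, port):
            return p.action
    return default
```

With srcaddr-negate enabled on a deny policy for FABRIC_DEVICE, traffic from the fabric devices falls through while every other source on the interface is denied.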

 

Note:

Starting from v7.6.0, the local-in policy can also be configured in the GUI. Refer to this article: Technical Tip: Creating a Local-In policy (IPv4 and IPv6) on GUI.

 

In the GUI, there is a direct button for the negate feature on the local-in-policy:

 


 

Related articles:

Technical Tip: Firewall Policy 'Negate' option

Technical Tip: SSL VPN tunnel mode: negating split tunneling Routing Address IPs