The setup is as follows:
- HUB acting as Route Reflector
- Spoke1 acting as Route Reflector client
- Spoke2 acting as Route Reflector client
Spoke1 (RR client 172.16.31.3) <-------iBGP RR--- HUB (Route Reflector 172.16.31.1) <------iBGP RR------> Spoke2 (RR client 172.16.31.2)
Spoke1 announces prefixes 192.168.13.0/24 and 192.168.16.0/24 to the HUB, which applies a route-map in to set the local-preference of these prefixes to 800.
The HUB reflects those prefixes to Spoke2 and changes the local-preference to 600 using the route-map out. However, the local-preference value remains at 800 when the prefixes are received on the Spoke2 side.
SPOKE1 (RM_out1) -----> (RM_in local-pref 800) HUB (RM_out2 local-pref 600) -----> SPOKE2
192.168.13.0/24
192.168.16.0/24
HUB side:
FGT-HUBDC1 (root) # get router info bgp network
VRF 0 BGP table version is 3, local router ID is 172.16.31.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight RouteTag Path
*> 10.253.0.0/24    0.0.0.0                   100  32768        0 i <-/1>
*> 10.254.0.0/24    0.0.0.0                   100  32768        0 i <-/1>
*>i192.168.13.0     172.16.31.3          0    800      0        0 i <1/1>   <---
*>i192.168.16.0     172.16.31.3          0    800      0        0 i <1/1>   <---

FGT-HUBDC1 (root) # show router route-map "RM-OUT-VPN_INET"
config router route-map
    edit "RM-OUT-VPN_INET"
        config rule
            edit 1
                set match-ip-address "RM-OUT-INET"
                unset set-ip-prefsrc
                set set-local-preference 600   <---
            next
        end
    next
end

FGT-HUBDC1 (root) # get router info bgp neighbors 172.16.31.2 adv
VRF 0 BGP table version is 3, local router ID is 172.16.31.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight RouteTag Path
*>i10.253.0.0/24    172.16.31.1               600  32768        0 i <0/1>
*>i10.254.0.0/24    172.16.31.1               600  32768        0 i <0/1>
*>i172.16.30.0/24   172.16.31.1               600  32768        0 i <0/1>
*>i172.16.31.0/24   172.16.31.1               600  32768        0 i <0/1>
*>i192.168.13.0     172.16.31.3               800      0        0 i <0/1>   <---
*>i192.168.16.0     172.16.31.3               800      0        0 i <0/1>   <---
On Spoke2 side:
FGT-SPOKE2 # get router info bgp neighbors 172.16.31.1 routes
VRF 0 BGP table version is 17, local router ID is 192.168.170.48
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight RouteTag Path
*>i10.253.0.0/24    172.16.31.1          0    600      0        0 i <1/1>
*>i10.254.0.0/24    172.16.31.1          0    600      0        0 i <1/1>
*>i172.16.30.0/24   172.16.31.1          0    600      0        0 i <1/1>
*>i172.16.31.0/24   172.16.31.1          0    600      0        0 i <1/1>
*>i192.168.13.0     172.16.31.3          0    800      0        0 i <1/->
*>i192.168.16.0     172.16.31.3          0    800      0        0 i <1/->
This is expected behavior: route-maps for Route Reflector clients are match-only and will not change the attributes.
In v7.6.1 and later, an improvement was introduced with the command 'rr-attr-allow-change'.
This command allows attributes to be changed between RR clients:
FGT-HUBDC1 (VPN_HUB1) # set rr-attr-allow-change
enable     Enable setting.
disable    Disable setting.   <--- disabled by default
After enabling this command on the HUB side (Spoke2 BGP neighbor), local-preference is modified with the route-map out:
config router bgp
    config neighbor-group
        edit "VPN_HUB1"
            set rr-attr-allow-change enable
            set remote-as 65000
            set route-map-in "RM-in-VPN-INET"
            set route-map-out "RM-OUT-VPN_INET"
            set additional-path both
            set route-reflector-client enable
        next
    end
end

config router route-map
    edit "RM-OUT-VPN_INET"
        config rule
            edit 1
                set match-ip-address "RM-OUT-INET"
                unset set-ip-prefsrc
                set set-local-preference 600
            next
        end
    next
end
Verifying on Spoke2 side:
FGT-SPOKE2 # get router info bgp neighbors 172.16.31.1 routes
VRF 0 BGP table version is 1, local router ID is 192.168.15.99
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight RouteTag Path
*>i10.253.0.0/24    172.16.31.1          0    600      0        0 i <1/1>
*>i10.254.0.0/24    172.16.31.1          0    600      0        0 i <1/1>
*>i172.16.30.0/24   172.16.31.1          0    600      0        0 i <1/1>
*>i172.16.31.0/24   172.16.31.1          0    600      0        0 i <1/1>
*>i192.168.13.0     172.16.31.3          0    600      0        0 i <1/1>
*>i192.168.16.0     172.16.31.3          0    600      0        0 i <1/1>

Total number of prefixes 6
This command also applies to other BGP route attributes, such as Community.
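
The before/after comparison on Spoke2 can be scripted. The following is an added example, not part of the original article or any Fortinet tooling: it parses rows of the 'get router info bgp neighbors <ip> routes' table and reports the reflected prefixes whose LocPrf differs from the value set by the route-map out. It assumes iBGP rows with an empty AS path (as in the tables above), that LocPrf is always populated, and that a prefix printed without a mask uses its classful length; the function names are hypothetical.

```python
import re

# Constructed samples: rows taken from the article's Spoke2 tables
# (before / after enabling rr-attr-allow-change) and one HUB "adv" row
# in which the Metric column is blank.
BEFORE = """\
*>i10.253.0.0/24 172.16.31.1 0 600 0 0 i <1/1>
*>i192.168.13.0 172.16.31.3 0 800 0 0 i <1/->
*>i192.168.16.0 172.16.31.3 0 800 0 0 i <1/->
"""
AFTER = BEFORE.replace(" 0 800 0 0 ", " 0 600 0 0 ").replace("<1/->", "<1/1>")
ADV = "*>i192.168.13.0 172.16.31.3 800 0 0 i <0/1> <---\n"

STATUS = re.compile(r"^[sdh*>S ]*i?(?=\d)")  # status codes plus the 'i' flag

def with_mask(prefix):
    """Assumption: a prefix printed without /len uses its classful mask."""
    if "/" in prefix:
        return prefix
    first = int(prefix.split(".")[0])
    return f"{prefix}/{8 if first < 128 else 16 if first < 192 else 24}"

def parse_bgp_rows(text):
    """Map prefix -> dict(next_hop, metric, local_pref, weight)."""
    routes = {}
    for line in text.splitlines():
        if not line.startswith("*"):
            continue  # banner, column header, or blank line
        fields = STATUS.sub("", line, count=1).split()
        origin = next((i for i, f in enumerate(fields[2:], 2) if f in ("i", "e", "?")), None)
        nums = fields[2:origin] if origin else []
        if len(nums) not in (3, 4) or not all(n.isdigit() for n in nums):
            continue  # AS path present or malformed row: ambiguous, skip
        metric = int(nums[0]) if len(nums) == 4 else None  # Metric may be blank
        local_pref, weight = int(nums[-3]), int(nums[-2])
        routes[with_mask(fields[0])] = dict(next_hop=fields[1], metric=metric,
                                            local_pref=local_pref, weight=weight)
    return routes

def local_pref_mismatches(text, prefixes, expected):
    """Return {prefix: observed LocPrf or None} where it differs from expected."""
    routes = parse_bgp_rows(text)
    seen = {p: routes.get(p, {}).get("local_pref") for p in prefixes}
    return {p: v for p, v in seen.items() if v != expected}

REFLECTED = ["192.168.13.0/24", "192.168.16.0/24"]
if __name__ == "__main__":
    print("before:", local_pref_mismatches(BEFORE, REFLECTED, 600))
    print("after: ", local_pref_mismatches(AFTER, REFLECTED, 600))
```

A prefix that is missing from the table is reported with None, so a withdrawn route is not mistaken for a successful attribute change.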