I don't think this is documented in Fortinet docs, because this is not really FML specific, it is more DNS specific.
But in that case you can proceed globally as follows:
- Prepare your new FML with configuration similar to the existing one
- Set up rDNS/PTR for the new FML public IP (check with your ISP)
- Add the new A record and MX record to the public DNS, with lower priority (i.e. higher number, e.g. the old is 10 and the new is 20)
- Add the new FML public IP to the existing SPF record (in case your SPF doesn't already contain the "mx" option)
- Generate a new DKIM in your new FML and add the record in the public DNS
- Add the new FML IP as a receive connector to your Exchange config, so it accepts mails from the new FML (safe during working hours)
- On your firewall, allow SMTP(S) inbound and outbound traffic between your MS Exchange and the new FML IP
Then during off hours do the following:
- Change the send connector on your Exchange to point to the new FML IP
- Change the new MX priority to a low value like 5
- Perform some inbound tests to see if the mails are received as expected
- Perform some outbound tests by sending mails from the mail server, you can also use mail-tester.com to check your score (should be 10/10)
- If the score is lower than 10 then correct the errors and test again until you get 10/10
- Roll back the changes if needed (the send connector and MX value)
If the tests are fine then you can keep the changes.
I think I've mentioned all important steps.
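
The DNS preparation steps above can be checked before the off-hours change. The following is an added example, not part of the original post: it validates MX preference, SPF coverage, PTR and DKIM for the new FML against a zone snapshot. Host names, addresses, the `fml2` selector and the `ZONE` layout are constructed assumptions, the old FML is assumed to have an MX record, and only the `ip4`/`ip6` and bare `mx` SPF mechanisms are evaluated.

```python
import ipaddress

def spf_authorizes(spf_txt, ip, mx_ips):
    """True if ip passes an ip4/ip6 or bare 'mx' mechanism of the SPF record."""
    addr = ipaddress.ip_address(ip)
    for term in spf_txt.split()[1:]:          # skip the "v=spf1" tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(value, strict=False)
        elif name.lower() == "mx" and not value:
            matched = ip in mx_ips
        else:
            continue                          # include:, a, all ... not evaluated here
        if matched:
            return qualifier == "+"
    return False

def precutover_findings(zone, old_host, new_host, selector):
    """Return a list of problems to fix before the off-hours MX/send-connector change."""
    findings = []
    prefs = {host: pref for pref, host in zone["MX"]}
    new_ip = zone["A"].get(new_host)
    if new_ip is None:
        return [f"no A record for {new_host}"]
    if new_host not in prefs:
        findings.append(f"no MX record for {new_host}")
    elif prefs[new_host] <= prefs[old_host]:
        findings.append("new MX already preferred over the old one")
    mx_ips = {zone["A"][h] for h in prefs if h in zone["A"]}
    if not spf_authorizes(zone["SPF"], new_ip, mx_ips):
        findings.append(f"SPF does not authorize {new_ip}")
    if zone["PTR"].get(new_ip) != new_host:
        findings.append(f"PTR for {new_ip} is not {new_host}")
    dkim = zone["DKIM"].get(selector, "")
    if "v=DKIM1" not in dkim or "p=" not in dkim:
        findings.append(f"no DKIM key published for selector {selector}")
    return findings

# Constructed sample zone (documentation addresses and example.com, not real data).
ZONE = {
    "A":    {"fml-old.example.com": "192.0.2.10", "fml-new.example.com": "198.51.100.20"},
    "MX":   [(10, "fml-old.example.com"), (20, "fml-new.example.com")],
    "SPF":  "v=spf1 ip4:192.0.2.10 -all",
    "PTR":  {"192.0.2.10": "fml-old.example.com"},
    "DKIM": {"fml2": "v=DKIM1; k=rsa; p=<public key placeholder>"},
}

if __name__ == "__main__":
    for finding in precutover_findings(ZONE, "fml-old.example.com", "fml-new.example.com", "fml2"):
        print("FIX:", finding)
```

With the sample zone the check reports the missing SPF entry and PTR record for the new FML; both have to be resolved before outbound mail is moved to it.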