Ok, if you want ethernet 0/3 to completely replace ethernet 0/0 (as in, eth 0/0 is going away...), this list of commands should do the trick. You'll need to put in the appropriate IP addresses.
First, you'll need to set up your VIP services on your new interface:
set interface ethernet3/0 vip interface-ip 80 "HTTP" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 8151 "Camera - Front Desk" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 1419 "Timbuktoo" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 5003 "FileMaker" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 21 "FTP" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 548 "Apple Filing Protocol" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 8150 "Camera - Elevator" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 8152 "Camera - Back Office" xxx.yyy.zzz.aaa
set interface ethernet3/0 vip interface-ip 8008 "iCal" xxx.yyy.zzz.aaa
I'm not sure why you're doing the source routing, it looks like you're throwing away packets coming into your network (routing through interface null). You can probably do whatever you're trying to do there with a security policy, and I'd get rid of the source routing:
set vrouter "trust-vr"
unset route source in-interface ethernet0/0 0.0.0.0/0
unset route source in-interface ethernet0/3 0.0.0.0/0
And you'll also want to remove the default route going out eth0/0, and probably clean up how the correct default route is defined:
set vrouter "trust-vr"
unset route 0.0.0.0/0
set route 0.0.0.0/0 gateway xxx.yyy.zzz.aaa
xxx.yyy.zzz.aaa should be the next-hop of your new default route (which goes out via ethernet0/3)
There's no real need to specify interface or preference unless you have a specific need, and from looking at your config it doesn't appear that you'd need it.
You have ethernet0/3 set to "nat" mode, but I don't see any NAT policies configured, you probably want to set it to "route" mode unless you will be doing source NAT through this interface (in which case you'll need to configure all the policies to do that):
set interface ethernet0/3 route
Then you'll want to fix policy ID 4 to use your new VIP. Since we're already in the CLI, we can do it here:
unset policy id 4
set policy id 4 from "Untrust" to "DMZ" "Any" "VIP(ethernet0/3)" "Apple Filing Protocol" permit log
set policy id 4 anti-spam ns-profile
set policy id 4
set service "Camera - Back Office"
set service "Camera - Elevator"
set service "Camera - Front Desk"
set service "FileMaker"
set service "FTP"
set service "HTTP"
set service "HTTP-EXT"
set service "IMAP"
set service "SMTP"
set service "Timbuktoo"
set service "VNC"
set log session-init
exit
Finally, you can take ethernet0/0 out completely:
unset interface ethernet0/0 ip
unset interface ethernet0/0 zone
Just a note that you may want to consider... you may not want to have services like telnet and unencrypted http open on your untrust interface. I see you currently have the following:
set interface ethernet0/3 manage ping
set interface ethernet0/3 manage ssh
set interface ethernet0/3 manage telnet
set interface ethernet0/3 manage snmp
set interface ethernet0/3 manage ssl
set interface ethernet0/3 manage web
I would recommend you take telnet and web out, at a minimum, and manage the device via ssl / https, and SSH if you must manage it from your Untrust zone. The better option, of course, is to not manage the device from the Untrust interface.
These changes *should* get you to where you've described you want to be. You can copy/paste them into a text editor and put in the IP addresses, etc., and then just copy/paste them into the CLI to make the changes. Maybe some of the other members can read through my changes and make sure I haven't been hitting the cold medicine too hard, but I don't think I've missed anything and I don't think anything will break. However, backup your config before you make any changes!!!! That way, if it blows up, you can revert your config back to the saved copy.