Best way really depends on how you plan on ultimately deploying MEG. If you are going to use it as an explicit proxy, then I would recommend configuring it as such now and using it as the upstream relay from Ironmail and then disabling all but the compliance scanner you want to test. If you are planning on deploying it as a transparent bridge or router then you can configure it as such and do the same with the policies.
I plan on deploying as explicit proxy. So I would need to enter it's IP as a relay after the 6.7.2 appliance? Once these rules are tested, it will replace the old 6.7.2 box.