Two options that I've used in the past
1> scripts uploaded via fortimager or even ansible could do it
2> API push for address/policy/addrgrp creations
So in a env I worked at we took policy from WEST and push the same objects to the EAST and the only difference was the octet was modify for the other side. So if you do things symmetrically this is easily done.
See the pattern? the odd
is west and even
is east for the 2nd DC. We did everything like that and had the VIP pre-builts. So we really where creating new address and adding them to address-groups that where already seeded in the policies. So we had a sync script that would ensure both WEST & EAST had the same host objects for that policy. This kept our WEST and EAST firewall synchronized.
Even if tje said host was not published at the other DC in vmware, the policy was built for it regardless.
Also in the above if the policyid at WEST was policyid 8888 , it was the exact same policyid at EAST policyid 8888, this helped so we knew exactly what the match was without thinking too much about ( yes we had junior and associate level folks dealing with policy ;) )
We also generate policyid at 1024+ ( policyid numbers below 1024 where specific policys for that firewall )
At another org we where even more lazy, we put our WEST/EAST objects in an address-group and push the address-group to both WEST/EAST even tho the other subnet did not exist. You can go that route also if you like.
For a few examples on the API calls reference for add/delete take a look at my post http://socpuppet.blogspot.com/2018/07/howto-use-fortios-api-to-add-delete.html
YMMV but if you have a strong script writing or a strong dev-ops teams that can build front ends or scripts, this is the way that I would go.