I also try it with ip address only without cidr but it shows error.

what ip did you put in there?  .../24

I copied and pasted the first three in your list and comma separated them.

yeah its the version of the mx.

Anyway thanks sir.

Also did you just try doing the IP/32?

yes I tried /32 and /24 but it is the same error.

Just tried on 13.28 firmware (latest stable). Can confirm it works and not a new feature on 14.xx firmware.

I am on the same version as you mention but it doesn't work.

I just spent the last 30 minutes going thru this. I was able to recreate the error you showed. The error only occurred when trying to summarize the IPs in Group Policy using "Custom network firewall & shaping rules". I am unable to combine multiple IPs into the one rule and the error message you showed is generated. This happens regardless of firmware version.

When placed in Security Appliance > Configure > Firewall, the rule works without any issue. This leaves me to believe that it is a problem with group policy looking for only ONE IP when creating custom rules. Have you tried placing the rule in the Layer 3 section of the Security Appliance > Configure > Firewall page? This will apply to ALL groups on your MX unless you create a custom rule under group policy. If everyone is to be blocked from these IPs, my recommendation would be to place it there.

@Mr_IT_Guythank sir.
It works.

Meraki newbie here.  The answer you give looks to be for OUTBOUND traffic.  This doesn't seem to be able to keep these IPs from hitting my devices behind our MX67.  Obviously the OUTBOUND rule will keep any further traffic TO those problem IPs, but I'm wondering if this is sufficient.  For example, what would keep IPs I've enter in this OUTBOUND rule from DDOSing my servers?

Thanks in advance for any clarity you might be able to shed on this matter!

Traffic can only come into your internal devices if they first made a request out - and that case is handled.

The other case is if you NAT/port forward an inbound port.  In this case you wont be able to block the inbound packet.  You can only create an "allow" list that blocks everything except what is listed.

@TLoperDenverIT 

Thats only for http(s) traffic

@jpier I agree with you that Postman is one great way to make multiple updates with only a few quick changes. You can also take this one step further and use a scripting language like Python to access the APIs.

Another path you may want to consider is using the Policy Objects for the firewalls (yes, its beta, but its been around a while now, and there are great successes with it). You define organisation-wide Policy Groups which you can then use in your inbound and outbound firewall rules (they don't work on Group Policy, yet). Then if you need to make a change you just update the Policy Object and its applied everywhere that policy is used.