It is always ideal to have a single device take care of layer 3 firewall rules in a network (either the firewall or the AP).
In a combined network, when you apply a group policy with layer 3 firewall rules, you're telling the Meraki devices to handle the layer traffic at a singular level, so bypassing the global firewall rules would be expected.
Additionally, it is always easier to track all layer 3 firewall rules on one page, rather than jump between multiple devices.
I would recommend you add the layer 3 firewall rule at the global level (on the MX).
BTW, what rule are you adding on the AP level that cannot be added at the MX?
If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future.