I've just moved over to an MX250 as our core firewall. I'm looking to see if there is a better way to block incoming IP addresses aside from individual L7 rules denying IP/32? I get a lot of attempts against our Exchange Server, as it is public facing. I'd like to take the daily list of IPs and enter them all together, versus separate line items. With my SonicWALL, I simply created a group called Risk Address and added IPs to it. Since incoming from Risk Address was blocked, any added to that group was automatically blocked. Within Threat Protection, I do have Intrusion Detection at Detection and Balanced, as I wanted to get a feel for how it was working. I did see one topic in the community, but it appeared that the answer actually was blocking outgoing to the IPs, not incoming.
The MX (or any FW for that matter) will always block inbound traffic, unless initiated from outbound traffic from within the network. Not sure if it would help but you could do the L7 countries option and block countries.
Otherwise, L7 is the only way I know to specifically block an incoming public IP and I don't think there is a fast way to implement this. I don't seen anything API side that would help.