@MFisher both the settings at the bottom of that page are organisation-wide.
When you create the non-Meraki VPN peer it will route traffic over that VPN based on the subnets you configure in the peer information. You can restrict which networks in the organisation build connections to the non-Meraki peer using tags, but note that a non-Meraki VPN can’t be accessed across an AutoVPN, i.e. traffic flow can’t be across an AutoVPN hop, then across the non-Meraki VPN.
The VPN firewall settings are also organisation-wide, so anything you put in there will apply to all networks, including the AutoVPN links. By default it allows everything, but you can obviously create a more restrictive policy if needed.
So, in answer to your question: configure the subnets only in the non-Meraki peer configuration to start with, leaving the site-to-site outbound VPN firewall as allow any to any. Once you’ve got the VPN working, then you can restrict it with the outbound VPN firewall if needed.
Our Non-Meraki peer in the different organization is up and communicating through our Hub that hosts both Auto-VPN and Non-Meraki peer connections.
However, on our Hub in the separate organization, we have an implicit deny configured on its "Site-to-Site VPN outbound firewall" rules.
So apparently the "site-to-site outbound firewall" rules do not restrict "Non-Meraki VPN peer" traffic since we never included those remote subnets in the site-to-site outbound firewall rules on our Hub. We only specified the Non-Meraki peer subnets in the "Non-Meraki VPN peer" configuration.