As far as I can tell there isn't a way to whitelist an IP in the Threat Protection (Snort IPS/IDS). What are you doing when it comes to performing vulnerability scans on your network because of this limitation? Do you have a workaround? I'm only using the MX line of Meraki products.
I think you can exclude the address/range here? "security appliance > Threat protection > Protected networks"
I don't see the option for "Protected Networks" there under security appliance > Threat protection.
This "Protected networks" field seems to be only available when in "Passthrough or VPN concentrator" mode.
The only option I can think of is to change the mode from "Prevention" to "Detection" for the duration of the scan. Then at least it won't attempt to stop it - only log it.
Create a group policy and apply it to the clients that will be in the test, schedule it for the days and times for the test as well and disable AMP. I suspect IDS/IPS is disabled when AMP is inactive. Not sure but give this a test. Make a wish to include IPS/IDS controls in the Group Policy options.
I've filled out the 'Make A Wish' for this same reason. I like the idea someone mentioned about using detect instead of prevent, but we have too many networks to do this manually each time.
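Added example, not part of any post in this thread: one way to script the Prevention-to-Detection switch across many networks for a scan window and guarantee the original mode comes back afterwards. It assumes the Dashboard API v1 intrusion-settings path `/networks/{networkId}/appliance/security/intrusion` and its `mode` field; `send` is a hypothetical caller-supplied transport for the authenticated request, and `FakeDashboard` with its network IDs is constructed sample data so the block runs offline.

```python
from contextlib import contextmanager

# Dashboard API v1 path for a network's MX intrusion settings (assumed to be
# reachable with your API key); "mode" is "prevention", "detection" or "disabled".
INTRUSION = "/networks/{}/appliance/security/intrusion"

@contextmanager
def detection_window(send, network_ids):
    """Put prevention-mode networks into detection, then restore them.

    send(method, path, body) is a caller-supplied (hypothetical) transport that
    performs the authenticated request and returns the decoded JSON reply.
    """
    changed = []
    try:
        for net in network_ids:
            path = INTRUSION.format(net)
            # Only touch networks that are actually blocking; networks already
            # in "detection" or "disabled" are left exactly as they were.
            if send("GET", path, None).get("mode") == "prevention":
                send("PUT", path, {"mode": "detection"})
                changed.append(net)
        yield changed
    finally:
        # Runs even if the scan step raises, so nothing is left in detection.
        for net in changed:
            send("PUT", INTRUSION.format(net), {"mode": "prevention"})

class FakeDashboard:
    """Constructed in-memory stand-in for the API, so the example runs offline."""
    def __init__(self, modes):
        self.modes = dict(modes)

    def send(self, method, path, body):
        net = path.split("/")[2]          # "/networks/<id>/appliance/..."
        if method == "PUT":
            self.modes[net] = body["mode"]
        return {"mode": self.modes[net]}

if __name__ == "__main__":
    dash = FakeDashboard({"N_1": "prevention", "N_2": "detection", "N_3": "prevention"})
    with detection_window(dash.send, list(dash.modes)) as changed:
        print("scan window open for", changed, dash.modes)  # run the scan here
    print("restored:", dash.modes)
```

Because only networks found in prevention mode are recorded, a network that was deliberately set to detection or disabled is not flipped to prevention when the window closes.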