Sorry, I might not understand this correctly... Since VPNFilter is obviously proven to be bad stuff and AMP already has its signature and blocking it why do I still need to manually create content filtering rules ( to block those Photobucket links ) and Layer 3 firewall rule to block those bad IP?
Good question. If you read the Talos blog post, it mentions particular routers that are vulnerable. Meraki MX isn’t one of them. However, if you have one of the affected routers elsewhere in your network, there is a small chance those other routers are affected.
You are correct that have IPS enabled is the most important piece to keep the network safe. Content filtering and Layer 3 firewall rules are mostly redundant steps to provide additional safety.