Please elaborate - maybe I'm missing something?  The ISP gives a single handoff with a .16/31 (.16 for their router, .17 for mine) and a routable .0/29.  So I created an interface on the MS with the .17 address and another interface with the .0/29 I'm running the MX in HA mode with a VIP, so that requires 3 IP - on the .0/29 subnet.  I gave my MS .1, MXA .2 MXB .3 and MX VIP .4 

The other ISP does the same, but with a /30 - that routes fine for me, but the static route on the MS is that /30.  I'm not able to program 2 static routes because the subnets would overlap and I don't want to do a 0.0.0.0/1 to ISP1 and a 128.0.0.0/1 for ISP2 because that would defeat the whole purpose of having redundant ISPs

Something like this:

You don't need a L3 VLAN.

In the drawing, are you suggesting that each ISP only gets connected to 1 MX?  What's the point of the switch then?  If I understand that correctly, that doesn't work for me.  Requirements are for redundant firewalls with redundant ISPs.  

It was just an example, you can have each 1 connection on each MX without any problem.

I guess the part about what you're saying that confuses me is that since the uplinks to the ISP (/31 and /30) are on different subnets than the routable /29s, then how can I do that with L2?  I thought L3 would be needed to transverse subnets?  Apologies for my diagram as I don't have visio on this tablet.  Here's a drawing of my setup.  I think my problem is the MS default static route which is 0.0.0.0/0 via 12.76.70.205

I still insist that you don't need 2 L3s for each ISP on the switch.

You can create a transit VLAN between the MX and the switch and create a default route pointing to the IP that you assign to the MX.

In the diagram below I used VLAN 99 as an example with the network 172.16.99.0/30, so if the MX is 172.16.99.2 you just need to point this IP as the next hop of the default route.

And you would configure the ISP's /29 networks only on the WAN interfaces of the MXes, without needing to create the SVI on the switch.

I believe that is clear now, right?

I think you're missing that it isn't a /29 handed off from the ISPs.  If it were, sure, you can use a layer 2 to split the /29 into 2 handoffs.  See above - it's a /31 from one ISP and a /30 from the other.  1 usable IP for the handoff from each ISP.  The respective /29s are routed via those networks.  To assign the /29s to the MX, you either need a layer 3 switch for each ISP or a layer 3 switch that can do VRFs - which I didn't think the MS350 could do, but was hopeful that someone smarter than me had a work around so I didn't have to go to a DC 3 states over to put in another switch.

First of all, I apologize for not being smarter than you. Maybe you are right, maybe I didn't understand your point, I think because I am not a native English speaker.

The point is that if you really need to do this with Meraki, you will not achieve your goal.

Already asked.  Not an option.

I've never heard of an ISP refusing to do that.  Personally, I'd tell them I can't use the configuration and will need to change providers if they are going to be so inflexible.

Otherwise, the easiest solution is to run ISP1 into MX1 and ISP2 into MX2.

Otherwise I would get a pair of C1111-8P routers.  Configure the stub on the outside, and the /29 on the inside.  Then plug the MXs into those.

https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-routers-is...

In the US, it's somewhat standard as of late, especially in smaller markets.  I order 2-3 circuits a day for customers, almost always with a /29, and this is how they're being provisioned.  That, and we used to be able to get multiple handoffs - no longer.

Time for IPv6? 🤔😉

Thank you!  That's what I suspected and posed to meraki support on Friday but they have yet to confirm.