When set VPN Source as 172.16.0.0/16 (as LAN) and changed the zones to LAN, everything works fine. However, when created an address group for all 5 VLAN networks, then SonicWall dropped reply packet as Octeon Decryption failed. Checked the configuration on SonicWall and it looks correct.
In this case the issue is due to the setting of the option Level under IP | IPsec | Policy in Mikrotik device. It should be unique rather than require which is by default.
The Level options specified as below:
level (require | unique | use; Default:require)
Specifies what to do if some of the SAs for this policy cannot be found:
use - skip this transform, do not drop packet and do not acquire SA from IKE daemon
require - drop packet and acquire SA
unique - drop packet and acquire a unique SA that is only used with this particular policy
So make sure you set level of the IPsec Policy to 'unique' for each subnet in Mikrotik device if you create an address group object on far end SonicWall.