Packet mode search through a security policy searches as if a packet is travelling through it. With inline layer rules it becomes more interesting. This examples shows a match on an inline layer rule that should have not been matched as far as I know.
Example from lab: Packet mode search string:
mode:Packet src:"HP-desktop" dst:any app:TeamViewer action:Accept
We see here a match on rule 156.2 but the source HP-desktop is not part of the network group that is used as source in rule 156. Therefore it should not have gone further down to rule 156.2 and matched on any. Is this a known limitation with packet mode search and inline layers?