> Chapter 5 - Best Practices > Overview > General Considerations
- For security purposes, NAT mode is preferred because all of the internal or DMZ networks can have secure private addresses. NAT mode policies use network address translation to hide the addresses in a more secure zone from users in a less secure zone.
- Use virtual domains (VDOMs) to group related interfaces or VLAN subinterfaces. Using VDOMs will partition networks and create added security by limiting the scope of threats.
- Use Transparent mode when a network is complex and does not allow for changes in the IP addressing scheme.