Hello @Vitaly,
Some of how RA operates can be extracted by looking into the ports used in this overview
As with @Michael234, we also encourage our customers to turn off RA when not required. It is a great support tool, though sensible security requires people to be conscientious with managing it.
We have seen snippets of how it works, and from what we have seen, it was built first and foremost with security in mind for protecting the customer. It is among the best product support tools from a vendor we have seen.
We have had customers do penetration testing on Peplink solutions when set up with InControl2, and you will find articles from others here in the forum on this matter.
Here are two guides that can help new people with that
