Short answer
Remote support should start with authorization, not an exposed network hole. Remote Comp content should position support as a short, approved session where the host starts at the problem, route state is visible, the fix is documented, and the session is ended.
Ask for permission first
The person at the host should understand what the operator needs to see, what they need to control, and when the session will end.
Keep the route state inspectable
Support copy should name the current route and avoid claiming broad network behavior that the product has not proven for the exact session path.
Document and disconnect
Record the symptom, cause, route used, permission changes, and next owner before the session closes.