Theoretically, it is possible to try to analyze the ratio of input and forward packets to the RDP port for each address, but there is no certainty that this will give anything. Such a task will greatly load the gateway, so it’s better to think about using a script on Windows, this will guarantee the validity of the data.
Interesting solution, works as a service
https://github.com/devnulli/EvlWatcher
PowerShell solution
https://woshub.com/block-rdp-brute-force-powershell-firewall-rules/
There is no need to synchronize the rules with the gateway.