I am not very proficient in Azure, but OK with AWS, and would like to clarify something:
Do Azure UDRs allow you to set up routes that depend on protocols or port numbers?
If yes, which is pretty doubtful, they are still just routes external to the instance (or VM) that you are trying to connect to.
If your default gateway (CloudGuard) is defined in the UDR and you want to use RDP coming from a different source, you may have to hard-code the return route in the OS of the system that you are trying to access.
So "route add -p point2site_range MASK x.x.x.x Azure_VPN_gateway".
Unless I am off by a mile...
Typically, there are Jump (or bastion) hosts used for remote access.