The ESGs will be placed in the exclusion list. However, you can create a rule in the DFW, and in the Applied To field you can select that rule to be parsed in all the Edges to allow RDP connections, as in the screenshot below. You can select the destination as the External-Network PG, or up to your infrastructure scope.