I'm not aware of any native Horizon functionality that is similar to fail2ban. Maybe with Workspace ONE. You might contact F5 and see if their APM product can do that, or implement something on your firewall.
To see the client IP address, try enabling Connection Server logging to a file or syslog. Then look for the "ClientIpAddress="X.X.X.X"" and "ForwardedClientIpAddress="X.X.X.X"" sections. You should see an entry similar to:
<162>1 2018-04-26T15:03:10.986-00:00 CS01 View - 141 [View@6876 Severity="AUDIT_FAIL" Module="Broker" EventType="BROKER_USER_AUTHFAILED_BAD_USER_PASSWORD" UserDisplayName="DOMAIN\\USER" ClientIpAddress="X.X.X.X"] User DOMAIN\USER failed to authenticate because of a bad username or password
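An added example, not part of the original post and not VMware code: a fail2ban-style counter over syslog lines in the format shown above, reporting each client IP that reaches a failure threshold inside a sliding window. The `sample()` helper, the threshold and window values, the documentation-range IPs, and the choice to prefer `ForwardedClientIpAddress` when it is present are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL = "BROKER_USER_AUTHFAILED_BAD_USER_PASSWORD"
STAMP = re.compile(r'^<\d+>1 (\S+) ')              # syslog priority, version, timestamp
FIELD = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')   # Key="value" pairs inside [View@6876 ...]

def sample(ts, event, ips):
    # Hypothetical helper: builds a constructed, trimmed line in the format shown above.
    return (rf'<162>1 2018-04-26T{ts}-00:00 CS01 View - 141 [View@6876 Module="Broker" '
            rf'EventType="{event}" UserDisplayName="DOMAIN\\USER" {ips}] constructed sample')

# Constructed events, in chronological order (documentation IP ranges, not real data).
SAMPLE = [
    sample("15:03:10.986", FAIL, 'ClientIpAddress="203.0.113.7"'),
    sample("15:03:40.120", FAIL, 'ClientIpAddress="203.0.113.7"'),
    sample("15:04:02.300", "BROKER_USERLOGGEDIN", 'ClientIpAddress="198.51.100.20"'),
    sample("15:04:05.500", FAIL, 'ClientIpAddress="10.0.0.5" ForwardedClientIpAddress="192.0.2.44"'),
    sample("15:04:30.000", FAIL, 'ClientIpAddress="203.0.113.7"'),
    sample("15:20:00.000", FAIL, 'ClientIpAddress="10.0.0.5" ForwardedClientIpAddress="192.0.2.44"'),
]

def parse(line):
    """Return (timestamp, client_ip) for a bad-password event, else None."""
    m = STAMP.match(line)
    fields = dict(FIELD.findall(line))
    if not m or fields.get("EventType") != FAIL:
        return None
    # Assumption: behind a load balancer ClientIpAddress is the proxy, so prefer the
    # forwarded value. Only trust it when the proxy sets or overwrites that header.
    ip = fields.get("ForwardedClientIpAddress") or fields.get("ClientIpAddress")
    return (datetime.fromisoformat(m.group(1)), ip) if ip else None

def offenders(lines, threshold=3, window=timedelta(minutes=5)):
    """Map each IP to the time it first reached `threshold` failures within `window`."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, ip = event
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```

The returned IPs can feed whatever block list the firewall or load balancer supports.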