Thanks for your fast response! You are absolutely correct.
The pre-authentication setting is not relevant to the Web Gateway. I double checked the Kerberos pre-authentication setting at another customer side who use Kerberos authentication with the Web Gateway and it is enabled by default in the Group Policy. The authentication is working perfectly of course.