The gateway client settings are not properly selected when switching from the pre-logon user to the logged-on user
33668
Created On 12/14/20 20:21 PM - Last Modified 12/16/20 17:07 PM
Symptom
- GlobalProtect user does not get the correct IP address from the IP pool assigned to the group the user belongs to.
- GlobalProtect user does not get the correct split tunnel configuration.
Environment
- GlobalProtect
- Client machine OS: Windows
- Connect Method: Pre-logon.
- Any PAN-OS
Cause
- If "Pre-Logon Tunnel Rename Timeout (sec) (Windows Only)" is configured with a value of "-1", the pre-logon tunnel does not time out after a user logs on to the endpoint; instead, GlobalProtect renames the tunnel to reassign it to the user.
- If it is configured with a value from 1 to 600, this is the number of seconds the pre-logon tunnel can remain active after a user logs on to the endpoint.
- In both cases the tunnel stays up and is only renamed from one user to another, so the client settings on the gateway are not re-evaluated to match the logged-on user; the user therefore keeps the same configuration as the pre-logon user.
Resolution
To resolve this behavior, implement either of the following solutions:
- Configure "Pre-Logon Tunnel Rename Timeout (sec) (Windows Only)" with a value of "0". This terminates the pre-logon tunnel instead of renaming it and creates a new tunnel for the logged-on user, which triggers a new selection of the gateway client settings.
- Refresh the connection on the GlobalProtect client. This terminates the existing tunnel and creates a new one, and in the process the client settings are re-evaluated to match the logged-on user.