the auth-portal-timeout is not for deauthenticating portal users, if I remember correctly, but how long FortiGate will wait to complete a captive-portal authentication (this can take a few minutes if external captive portals and/or user registration and/or activation links/codes are involved).
Try the following setting:
#config user setting
#set auth-timeout-type hard-timeout
#set auth-timeout 120
This should enforce a hard-timeout after two hours.
Please note this will affect ALL users, not just captive portal users!
As an alternative, you can look into webfilter quotas:
This is an option available in proxy-mode (the vdom or webfilter profile needs to be in proxy mode); you could then set time-limits for specific or all webfilter categories to block users after they have reached the limit. The quota resets at midnight. You could set that on the policies handling captive portal traffic to ensure users going through these policies will get their access blocked after a certain amount of time.
As for enforcing a set time period before a user can connect again, I'm not sure this is possible; I've done a bit of research, but not found anything so far. There are some authentication blackout settings, but those only take effect after a user has failed authentication multiple times, which is not going to be the case with just a disclaimer.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++