Does not neccessarily have to be dial up. Should also work as S2S.
Just disable p1 autonegotioation on your FGT (can only be done on cli) so olny the cisco will set up the tunnel.
Otherwise that would create "dead" SAs on the FGT when the dynamic ip changes.
Maybe you have to limit the S2S on the FGT to only accept specific peer id (afair only possible in ike v1 aggressive mode - correct me if I am wrong here) or unique proposal pair(s) in p1 and p2 since on FGT side you cannot nail it to the remote gw in this case but you need to nail it to the right ipsec if you happen to have more then one.
If there is only one you might skip that last step because this is unique then anyways.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams