to bring light in this discussion DH 14 yes or not possible DH 2 yes and not etc.
VPN Key Exchange Enhancements in iOS 9.3, OS X 10.11.4 and Server 5.1
iOS 9.3, OS X 10.11.4 and Server 5.1 add support for new Diffie-Hellman key exchange groups to enhance the security of VPN connections.
These releases add support for Diffie-Hellman (DH) Group 14 and 5 to L2TP over IPSec, and Diffie-Hellman Group 14 to Cisco IPSec. The new supported key exchange proposals are:
DH Group14141414555Encryption algorithmAES256AES256AES256AES256AES256AES256AES256Hash algorithmSHA256SHA1MD5SHA512SHA256SHA1MD5
Previous versions of iOS, OS X and Server supported DH Group 2 (only) for L2TP over IPSec. Previous versions of iOS also supported DH group 5 and 2 for Cisco IPSec, with DH group 2 for aggressive mode.
DH Group 2 is still supported but it has the lowest priority when finding a proposal match. Both L2TP over IPSec and Cisco IPsec now support DH Groups 14, 5, 2, in that order of preference. For aggressive mode, the VPN client will try first with DH Group 14; if it fails, it will try again with DH Group 2. Apple recommends using Group 14 or Group 5 since they provide stronger security than Group 2, which may be vulnerable to compromise.
From this point of view I would recommend to set following in phase-1 to be sure:
set dhgrp 14 5 2
By the way the Wizard of FortiOS 5.4 sets the DH group for IOS device to DH 2 only from this point of view it will work because of the fallback possibility to DH 2!
hope this helps...