You don't get a straight answer, because there isn't. A default value which will protect all possible environments will practically have block access to internet.
-AntiVirus default will protect you as overall there is not a lot to modify on it.
-WebFilter block URLs, by default it will block domains rated as security risk and some potentially liable but other than that it is up to you to define what websites you want to be allowed in your network.
-Intrusion prevention there are a few default settings which will block the most common vulnerabilities and it might work for your case, but you can't block all as this will lead to a lot of false positives and technically block your internet. You need to know what you are protecting and from what you are protecting it - do you have linux servers or windows servers ? What services their are running ? What patches they have and what vulnerabilities they are vulnerable to etc.. Ideally you will have to tweak it.
- App control - similar to web filter, what apps you want to allow and what not, it will be different for every environment.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.