Forum Discussion
F5 bot defense - false positives
I'm hoping someone can offer some advice. We have a Bot defense service (ex Volterra I think?) running on our WAF, and we're getting a lot of false positives, far greater than what we'd initially expected or what I've seen estimated online. It's an Angular application with a .NET back end. There's a range of services, mostly internal, that are also running.
At the moment, we're only covering a small range of endpoints as a test, but the results have not been great and at some point in the use of the application, almost every customer is being flagged as a bot while tracking through the user experience. I have read elsewhere that we might need to force the application to load the interstitial JavaScript file. It's currently marked as synchronous, then it loads a couple of other JS files asynchronously; these seem to be called from the first JS file. The tag is first in line after the HEAD HTML tag. I am currently concerned that loading order could be the cause, but that might only account for the false positives at the startup/entry point of the application.
There's nothing else particularly special happening with the application; it's a publicly accessible Angular web app with a range of backend services, some called internally, some called directly through an API.
As it is at the moment, I'm not exactly sure how we can trust the results and what the point even is if the false positives are so much higher than expected. I realise this is a complicated problem to get 100% right, but I'd expected a lot more for what I believe is a significant annual cost.
Can anyone please confirm if this is a common concern or if it is expected and normal, or if there is something we're missing here? Any pointers for what we can do at the application level to resolve this?
Thanks a lot.
Dudley.
1 Reply
"We have a Bot defense service (ex Volterra I think?) running on our WAF" - what do you mean exactly by that?
F5 AWAF has its own bot defense and there is the integration with SaaS bot defense, as you said, Volterra. You need to clarify that, as what you speak of is F5 Distributed Cloud Bot Defense on BIG-IP 17.1, and then read
https://docs.cloud.f5.com/docs-v2/bot-defense/quickstarts/bot-defense-quickstart /
https://docs.cloud.f5.com/docs-v2/bot-defense/configure/waap
as the JavaScript is injected by F5 and it can be async as well. Play with the options, test on a QA/preprod deployment and see.
For the old F5 native bot defense see