Alongside the false negative rate, another useful measurement is the false positive rate. This tracks legitimate user requests that are erroneously flagged as malicious. The higher the false positive rate of your Web Application Firewall, the more legitimate user traffic is likely to be erroneously blocked. Ask your vendor how it measures false positives and what the false positive rate of its product is.
WAFs with a low false negative rate (stricter WAFs) typically have a higher false positive rate, and vice versa: WAFs with a low false positive rate typically have a higher false negative rate. Most WAF solutions require you to make this tradeoff. You may have to decide whether you can more readily tolerate blocked users (i.e., paying customers) or unblocked attacks.
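As an added illustration (not part of the original text), the following Python computes both rates from a constructed sample of analyst-reviewed requests and shows how raising the WAF's blocking threshold trades false positives for false negatives; the anomaly scores, labels and descriptions are assumptions, not output of any real WAF.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    description: str     # what the request was (constructed sample)
    anomaly_score: int   # score the WAF assigned (assumed values)
    is_attack: bool      # ground truth from manual review (assumed)


# Constructed review sample: five legitimate requests, five attacks.
# Some legitimate requests score high because quotes or brackets in
# ordinary input resemble injection patterns.
SAMPLE = [
    Request("product search", 0, False),
    Request("search term containing an apostrophe", 5, False),
    Request("export param containing angle brackets", 8, False),
    Request("login form submission", 0, False),
    Request("blog URL with SQL-like words", 6, False),
    Request("sql injection probe", 15, True),
    Request("path traversal probe", 10, True),
    Request("stored xss attempt", 12, True),
    Request("time-based sql injection probe", 7, True),
    Request("null-byte extension bypass", 4, True),
]


def rates(requests, threshold):
    """Return (false_positive_rate, false_negative_rate) when the WAF
    blocks every request whose anomaly_score >= threshold."""
    fp = tn = fn = tp = 0
    for r in requests:
        blocked = r.anomaly_score >= threshold
        if r.is_attack:
            tp, fn = (tp + 1, fn) if blocked else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if blocked else (fp, tn + 1)
    fpr = fp / (fp + tn) if fp + tn else 0.0   # legit traffic wrongly blocked
    fnr = fn / (fn + tp) if fn + tp else 0.0   # attacks wrongly allowed
    return fpr, fnr


def blocked_legitimate(requests, threshold):
    """List the legitimate requests a threshold would block: the concrete
    false positives to review with the vendor or tune rules around."""
    return [r.description for r in requests
            if not r.is_attack and r.anomaly_score >= threshold]


if __name__ == "__main__":
    for t in (5, 7, 10):   # stricter to laxer: FPR falls, FNR rises
        print(t, rates(SAMPLE, t), blocked_legitimate(SAMPLE, t))
```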