Is it possible that the WAN router is reporting the traffic as ESP traffic (i.e. encrypted/tunneled)? If so, there isn't a way to isolate any client's participation in tunneled traffic. If the client IP address that you're looking for isn't present in the NetFlow data exported from your WAN router, you won't see that client when looking at the WAN router's data. If this seems wrong, you might want to fire up a packet sniffer on the machine that's running NetFlow Traffic Analyzer (NTA) and see if the NetFlow data from the WAN router contains any information about that specific client. If you're seeing that client in the sniffer data, but not from NTA, post the details here, and we'll start getting diagnostics and determine if you've found a bug.
[Edit] Most packet sniffers will decode NetFlow v5; I've used Ethereal/Wireshark and it's done well.
WRT duplication/deduplication, we've carefully avoided situations where double-counting traffic could be occurring. If you notice when you drill down in the web interface, you'll always have a NetFlow source (either a router or an interface on that router) associated with the traffic you're looking at.
Thanks for evaluating our NetFlow product!
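
The check described in the post above, as an added example that is not part of the original reply and not NTA code: it parses the UDP payload of one NetFlow v5 export datagram (as lifted from a sniffer capture), reports whether a given client IP appears in any flow record, and counts how much traffic the exporter labelled as ESP (IP protocol 50). The function names, addresses and the sample datagram are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
ESP = 50                                            # IP protocol number for ESP

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated records")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[6]=dOctets, f[13]=prot
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "octets": f[6], "proto": f[13]})
    return flows

def client_report(datagram, client_ip):
    """Summarise flows that name client_ip and flows exported as ESP."""
    flows = parse_v5(datagram)
    seen = [f for f in flows if client_ip in (f["src"], f["dst"])]
    esp = [f for f in flows if f["proto"] == ESP]
    return {"client_flows": len(seen), "client_octets": sum(f["octets"] for f in seen),
            "esp_flows": len(esp), "esp_octets": sum(f["octets"] for f in esp)}

def _record(src, dst, octets, proto):
    """Build one constructed flow record (fields not needed here are zeroed)."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                       1, 2, 10, octets, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)

# Constructed sample: one gateway-to-gateway ESP flow and one cleartext TCP flow.
# The tunneled client 10.0.0.25 is inside the ESP flow, so it never appears.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + _record("192.0.2.1", "198.51.100.1", 90000, ESP)
          + _record("10.0.0.7", "203.0.113.5", 1500, 6))

if __name__ == "__main__":
    print(client_report(SAMPLE, "10.0.0.25"))  # tunneled client: absent
    print(client_report(SAMPLE, "10.0.0.7"))   # cleartext client: present
```

A result with zero client flows alongside a large ESP octet count matches the tunneled-traffic case in the post: the client's bytes are accounted to the tunnel endpoints, not to the client address.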